[Samba] LDAP Access

Stefan Kania stefan at kania-online.de
Sun Dec 17 10:14:15 UTC 2023



On 17.12.23 at 10:14, Pluess, Tobias via samba wrote:
> Good day
> 
> I have set up a Samba Active Directory with a couple of users and also
> configured the Email address for them. Now, my Email provider supports
> authentication via LDAP.
> This would be awesome as the users could use the same login for their
> computers and for their Email, and further, if one changes the password,
> the Email password is changed as well.
> However, obviously, it will be necessary that the Email server gets access
> to my Samba AD DC.
> 
> I am not sure if it is a wise idea to expose the Samba DC to the internet;
> of course there is only one IP address that needs to have access, but still.
> 
> I was thinking about this now for a while.
> 
> a) would it be a problem to expose the Samba DC to the internet, with the
> firewall only allowing exactly one certain IP to access?
No
> b) or should I replicate the Samba AD DC somehow, and expose only the
> "copy" to the internet and replicate, say, every hour or so.
> 
No
> Or should I skip this idea at all?
No
> I found it a bit painful to maintain both, AD users and Email users, and
> further, it is a bit confusing for some users if they need a different
> password for their mail.


> Any ideas?

Use an OpenLDAP proxy to authenticate the users, so you only need LDAP
with StartTLS or LDAPS.
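
The proxy suggested in the reply above could look like the following slapd.conf fragment. This is an added example, not part of the original post or of the Samba project's documentation; it assumes OpenLDAP's back-ldap backend forwarding to the DC over LDAPS, and the hostnames, suffix and file paths are placeholders.

```conf
# slapd.conf fragment: OpenLDAP as an LDAP proxy in front of a Samba AD DC.
# Only this proxy is reachable by the mail server; the DC stays internal.
# All names and paths below are placeholders (assumptions), adjust to your site.

# Module path and name vary by distribution.
modulepath  /usr/lib/openldap
moduleload  back_ldap

# Certificate the proxy presents to the mail server.
# slapd must be started listening on ldaps:/// (or ldap:/// for StartTLS),
# e.g. via the -h option.
TLSCertificateFile     /etc/openldap/tls/ldap-proxy.example.net.crt
TLSCertificateKeyFile  /etc/openldap/tls/ldap-proxy.example.net.key
TLSCACertificateFile   /etc/openldap/tls/ca.crt

# Require a security strength factor of at least 128 for simple binds,
# so a password is never accepted over a cleartext connection.
security simple_bind=128

# Proxy database: operations under the suffix are forwarded to the DC.
database  ldap
suffix    "dc=example,dc=net"
uri       "ldaps://dc1.example.net"

# Connect to the DC over LDAPS and insist on a certificate that
# validates against the CA that issued the DC's certificate.
tls       ldaps tls_cacert=/etc/openldap/tls/samba-ca.crt tls_reqcert=demand

# The proxy is for authentication and lookups only; reject writes here.
readonly  on

# Do not follow referrals returned by the DC to other servers.
chase-referrals no
```

The firewall rule from the original question still applies, but to the proxy's LDAPS port instead of the DC.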


