[Samba] How to configuring 389ds to the backed user authentication on Samba-ad
Ahmed Taleb
ahmed.taleb at pawsey.org.au
Fri Nov 15 02:31:50 UTC 2024
Hi,
I hope this is the correct forum to ask this question. I am looking for some guidance on whether Samba-ad can be (or should be) configured using ldap (389-ds) as the back end for user authentication in a production environment.
I have come across a few forums and went through you’re documentation pages but the information isn’t clear so thought to ask the question directly to the source.
What we are looking to achieve:
Our environment is mainly consistent of Linux/Unix operating systems. Our users are mainly researcher and we use 389ds for user authenticating.
I am looking for a solution to maintain a relatively small setup of Windows machines (20 nodes) used by researchers to remote visualise their work. We are currently using pGina to authenticate our users Windows login against our 389-ds, though we would like to also manage Windows using Group Policies which is where Samba-ad comes in.
My concern with pGina is that is been a quiet project and the uncertainty whether the developers are still interested in the project if Windows decides to change the way it authenticates its users.
We were also considering syncing our 389-ds with AD in a one way sync, but having to unhash user passwords in the change log seemed a bit .. unsecure.
Any guidance would be greatly appreciated.
Ahmed
More information about the samba
mailing list