[Samba] How to configuring 389ds to the backed user authentication on Samba-ad
Ahmed Taleb
ahmed.taleb at pawsey.org.au
Fri Nov 15 13:09:39 UTC 2024
So not even if you sync 389 to samba local ldap?
On 15 November 2024 3:51:45 pm AWST, Rowland Penny via samba <samba at lists.samba.org> wrote:
>On Fri, 15 Nov 2024 10:31:50 +0800
>Ahmed Taleb via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I hope this is the correct forum to ask this question. I am looking
>> for some guidance on whether Samba-ad can be (or should be)
>> configured using ldap (389-ds) as the back end for user
>> authentication in a production environment.
>>
>> I have come across a few forums and went through your documentation
>> pages but the information isn’t clear so thought to ask the question
>> directly to the source.
>>
>> What we are looking to achieve:
>>
>> Our environment mainly consists of Linux/Unix operating systems.
>> Our users are mainly researchers and we use 389ds for user
>> authentication.
>>
>> I am looking for a solution to maintain a relatively small setup of
>> Windows machines (20 nodes) used by researchers to remotely visualise
>> their work. We are currently using pGina to authenticate our users'
>> Windows logins against our 389-ds, though we would like to also manage
>> Windows using Group Policies which is where Samba-ad comes in.
>>
>> My concern with pGina is that it has been a quiet project and the
>> uncertainty whether the developers are still interested in the
>> project if Windows decides to change the way it authenticates its
>> users.
>>
>> We were also considering syncing our 389-ds with AD in a one way
>> sync, but having to unhash user passwords in the change log seemed a
>> bit .. unsecure.
>>
>> Any guidance would be greatly appreciated.
>>
>> Ahmed
>
>Sorry but no you cannot run a Samba AD DC on top of 389-ds or any other
>ldap, you must use the builtin Samba ldap.
>
>From what you are describing, it will probably be easier to replace
>your 389-ds server with Samba AD DC(s).
>
>Rowland