[Samba] Samba 4.19 and OpenLDAPs
Rowland Penny
rpenny at samba.org
Tue May 6 16:50:09 UTC 2025
On Tue, 6 May 2025 16:31:29 +0000
Shannon Price via samba <samba at lists.samba.org> wrote:
>
> Sorry - my redaction was incomplete/incorrect in the smb.conf
> message. Corrected, redacted smb.conf below. I need to authenticate
> against AD, which does work, but idmap vs LDAP server (OpenLDAP).
Samba cannot do that.
>
> Why wouldn't I see traffic between the Samba server and the LDAP
> server? ("well there wouldn't be")
You have 'security = ads' , if you use this, Samba must be a domain
member in an ADS realm, it requires Kerberos and Samba must be joined
to the realm using 'net'.
To use idmap_rfc2307, you need to use 'security = user' and probably
also SMBv1 (I have never used idmap_rfc2307, so am not sure about this,
but normally using an ldap backend with Samba requires SMBv1 e.g. a
PDC).
Different backends use different code paths in Samba.
Rowland
More information about the samba
mailing list