[Samba] Samba 4.19 and OpenLDAPs
Shannon Price
pricesw at auburn.edu
Tue May 6 16:54:07 UTC 2025
If we use "security=user" (and idmap_rfc2307), we won't be able to authenticate against another source (e.g. an AD domain), right? The password would also need to come from Samba?
I saw an older posting from you about "idmap_script"; is that still a valid backend? The man page exists, but I don't want to go down more deprecated rabbit holes.
--
Shannon
-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Tuesday, May 6, 2025 11:50 AM
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba 4.19 and OpenLDAPs
On Tue, 6 May 2025 16:31:29 +0000
Shannon Price via samba <samba at lists.samba.org> wrote:
>
> Sorry - my redaction was incomplete/incorrect in the smb.conf message.
> Corrected, redacted smb.conf below. I need to authenticate against
> AD, which does work, but idmap vs LDAP server (OpenLDAP).
Samba cannot do that.
>
> Why wouldn't I see traffic between the Samba server and the LDAP
> server? ("well there wouldn't be")
You have 'security = ads'; if you use this, Samba must be a domain member in an ADS realm. It requires Kerberos, and Samba must be joined to the realm using 'net'.
To use idmap_rfc2307, you need to use 'security = user' and probably also SMBv1 (I have never used idmap_rfc2307, so I am not sure about this, but normally using an LDAP backend with Samba requires SMBv1, e.g. a PDC).
Different backends use different code paths in Samba.
Rowland