I have a question for those of you out there. I work at a university where we already have our ldap systems in place and use them for almost all authentication. I would like to implement a samba file server that authenticates of our existing ldap server. Would the best solution be to have samba authticate off of ldap through pam. Is this even available. Can anyone point me in the right direction. Everything out there talks about implemeting samba with a NEW openldap server. I would also consider making samba a PDC but thats not my main goal. What is the best way to go with what I want to do and with what I already have? Any good docs that could help me. All the normal docs dont fit to environment. Thanks in advance
On Tue, 2004-02-10 at 15:28, testme@temple.edu wrote:> I have a question for those of you out there. I work at a > university where we already have our ldap systems in place > and use them for almost all authentication. I would like to > implement a samba file server that authenticates of our > existing ldap server. Would the best solution be to have > samba authticate off of ldap through pam. Is this even > available. Can anyone point me in the right direction. > Everything out there talks about implemeting samba with a > NEW openldap server. I would also consider making samba a > PDC but thats not my main goal. What is the best way to go > with what I want to do and with what I already have? Any > good docs that could help me. All the normal docs dont fit > to environment. Thanks in advanceYou could use PAM - but that's strongly discouraged because to do that, you must use plaintext passwords, and to do that you must enable hacks on the client, suffer client bugs and expose passwords on the network... If there is not a windows authentication domain that you can join, then you must either populate the LDAP server with sambaNTpassword and sambaLMpassword, or maintain something locally. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040210/7c9f6260/attachment.bin
So your saying that the best way is to get my filserver up and running is to populate my ldap server with the needed samba attributes? So what I have right now is all my users in ldap and also in /etc/passwd. How do I get the needed info(samba) into ldap for all my users?
Sorry about the email addy. I was testing something and forgot to switch it back. I could join someones windows domain here at the university but all of the that is useless to me or altleast the data in there is. Our main source of user info and the only one that is reliable is in our ldap server. It is used throughout the univeristy is our central means of authentication. I would like to get samba up and running as a file server so users can mount there shares. I guesse my main question is how do I get all the needed samba info into ldap fo rall my existing 50k users. I also have /etc/* on my true64 system which holds all uids/passwords and groups if needed to get the needed samba data and windows passwords into ldap. Whats the best way to do this in an existing ldap environment.