Marc Petitmermet
2004-Jun-20 21:54 UTC
[Samba] multiple passdb backends: ldaps for users, everything else locally?
dear list members is it possible to only have the users authenticate against an external ldap server and everything else managed locally on the samba server? the problem is that i only can authenticate against the central ldap but not write to it. this means that samba "root" as well as all machine accounts have to be managed locally and the users' homes information is retrieved by nis. in the manual page of smb.conf i read the following: "Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified." now, when i define the passdb backends as following in this order does my intention work? passdb backend = tdbsam ldapsam:ldaps://ldaps01.domain.com "root" is defined locally in tdbsam, all users in ldap. machines are also added locally. regards, marc
Paul Gienger
2004-Jun-21 13:37 UTC
[Samba] multiple passdb backends: ldaps for users, everything else locally?
Marc Petitmermet wrote:> dear list members > > is it possible to only have the users authenticate against an external > ldap server and everything else managed locally on the samba server? > the problem is that i only can authenticate against the central ldap > but not write to it. this means that samba "root" as well as all > machine accounts have to be managed locally and the users' homes > information is retrieved by nis.In your situation, you can't modify the users' entries in LDAP to add the samba information either I would guess. For this type of a situation, use either the password file (is the option smbpasswd?) or tdbsam. You don't need to specify that ldap is involved at all. This is the same way that a single workstation has user entries in the passwd file and then samba maintains its own user information file.> > in the manual page of smb.conf i read the following: > > "Multiple backends can be specified, separated by spaces. The backends > will be searched in the order they are specified. New users are always > added to the first backend specified." > > now, when i define the passdb backends as following in this order does > my intention work? > > passdb backend = tdbsam ldapsam:ldaps://ldaps01.domain.com > > "root" is defined locally in tdbsam, all users in ldap. machines are > also added locally. > > regards, > marc >-- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto:pgienger@ae-solutions.com
Seemingly Similar Threads
- multiple passdb backends for standalone fileserver?
- Compareing backends
- POLL: Does anyone actually use multiple passdb backends on the same server?
- tdbsam and variables
- Samba3-beta1 as a PDC and using tdbsam as passdb backend it takes the home-directory info from /etc/passwd