Tomasz Chmielewski
2006-Jan-27 08:23 UTC
[Samba] "LDAP only" authentication without NSS/PAM - possible?
Is it possible to configure Samba so that it could authenticate users from the LDAP server *only* (i.e., operating system doesn't see the users from LDAP). I'm working on an embedded Samba domain controller, it is based on Linux / busybox / uClibc (and Samba with OpenLDAP). The system doesn't use glibc, but it's smaller brother uClibc, and it doesn't have anything like PAM or NSS. Because of this, Samba can fetch the users from LDAP, but can't verify that these users exist as system users - and refuses to logon with NO_SUCH_USER. Is there a way I can use Samba + LDAP without seeing LDAP users as system users? -- Tomasz Chmielewski http://wpkg.org
Andrew Bartlett
2006-Jan-30 21:30 UTC
[Samba] "LDAP only" authentication without NSS/PAM - possible?
On Fri, 2006-01-27 at 09:22 +0100, Tomasz Chmielewski wrote:> Is it possible to configure Samba so that it could authenticate users > from the LDAP server *only* (i.e., operating system doesn't see the > users from LDAP). > > I'm working on an embedded Samba domain controller, it is based on Linux > / busybox / uClibc (and Samba with OpenLDAP). > > The system doesn't use glibc, but it's smaller brother uClibc, and it > doesn't have anything like PAM or NSS. > > Because of this, Samba can fetch the users from LDAP, but can't verify > that these users exist as system users - and refuses to logon with > NO_SUCH_USER. > > > Is there a way I can use Samba + LDAP without seeing LDAP users as > system users?Not in Samba3. Samba4 may have more options in this space, with our embedded LDAP server, but the current development code also relies on system users, for things like downloading profiles. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20060131/6c86392d/attachment.bin