Hello all. I have a Samba PDC server working great already. However on another host on the network I would like to setup a Samba server that authenticates to the same LDAP server that my Samba PDC is using. However I want to do this anonymously without telling the second server the admin password for LDAP. I cannot seem to find any documentation for anonymous LDAP authentication using Samba. Do I have to give Samba the admin password just to access authentication records? -- Thanks, Matthew Crites
Hi, isn't it possible to join the server to the domain and set security to domain or server?!? Regards Stefan Matthew Crites schrieb:> Hello all. I have a Samba PDC server working great already. However > on another host on the network I would like to setup a Samba server > that authenticates to the same LDAP server that my Samba PDC is using. > However I want to do this anonymously without telling the second > server the admin password for LDAP. I cannot seem to find any > documentation for anonymous LDAP authentication using Samba. Do I > have to give Samba the admin password just to access authentication > records? >
I would rather not join the server to the domain. All I need is for the server to authenticate users against LDAP. Thanks for your help. On 10/6/06, Matthew Crites <mcrites@gmail.com> wrote:> Hello all. I have a Samba PDC server working great already. However > on another host on the network I would like to setup a Samba server > that authenticates to the same LDAP server that my Samba PDC is using. > However I want to do this anonymously without telling the second > server the admin password for LDAP. I cannot seem to find any > documentation for anonymous LDAP authentication using Samba. Do I > have to give Samba the admin password just to access authentication > records? > > -- > Thanks, > Matthew Crites >-- Thanks, Matthew Crites
Hello Mathew. You can easily make modifications to the /etc/ldap.conf Something like this may be what you are after: #/etc/ldap.conf host 127.0.0.1 192.168.0.3 <--- note I have 2 ip addresses there, put in the IP of your master base dc=differentialdesign,dc=org binddn cn=Manager,dc=differentialdesign,dc=org bindpw yourpassword pam_password exop nss_base_passwd ou=People,dc=differentialdesign,dc=org?one nss_base_shadow ou=People,dc=differentialdesign,dc=org?one nss_base_group ou=Groups,dc=differentialdesign,dc=org?one ssl no Substitute the appropriate values; however you will need your bindpw. restart ldap and you should be able to "id username" on the client server. Thanks, Adrian Sender.>From: "Matthew Crites" <mcrites@gmail.com> >To: samba@lists.samba.org >Subject: [Samba] Re: Samba Anonymous LDAP Authentication >Date: Sat, 7 Oct 2006 10:07:16 -0400 >I would rather not join the server to the domain. All I need is for >the server to authenticate users against LDAP. Thanks for your help. > >On 10/6/06, Matthew Crites <mcrites@gmail.com> wrote: >>Hello all. I have a Samba PDC server working great already. However >>on another host on the network I would like to setup a Samba server >>that authenticates to the same LDAP server that my Samba PDC is using. >> However I want to do this anonymously without telling the second >>server the admin password for LDAP. I cannot seem to find any >>documentation for anonymous LDAP authentication using Samba. Do I >>have to give Samba the admin password just to access authentication >>records? >> >>-- >>Thanks, >>Matthew Crites >> >
Why not create an admin user in the ldap server which only has read access to the samba attributes of the user as well as the uid and group info. Then make that user only have those privileges from the specific IP of the other samba server. Duncan Matthew Crites wrote:> Hello all. I have a Samba PDC server working great already. However > on another host on the network I would like to setup a Samba server > that authenticates to the same LDAP server that my Samba PDC is using. > However I want to do this anonymously without telling the second > server the admin password for LDAP. I cannot seem to find any > documentation for anonymous LDAP authentication using Samba. Do I > have to give Samba the admin password just to access authentication > records? >
Apparently Analagous Threads
- bindpw in ldap.conf
- package.skeleton does invalide regular name...
- A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
- Samba 4 ldb_wrap open of idmap.ldb
- samba ldap pdc w/unix accounts: local unix and ldap unix users can't resolve uids to names on the server