Hi,

Let me know if this scenario is possible:
I want a Samba server authenticating on OpenLDAP with IDMAP, without creating any local user on the server.

My environment is: many Linux clients, an OpenLDAP server and some services authenticating against it.
We don't use Active Directory, nor do we have any Windows server or client.

I don't know if this is possible, and I've searched a lot through the Samba documentation and on Google.
All the documentation I found shows Samba always as an ADS Domain Member, like:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2607186

So my question is: Is it possible to auth users on a Samba server against an OpenLDAP server without the need for a Windows environment?
To be honest, I don't need a Samba Domain; the server will be only a file server.

I know it is possible to auth NFS on LDAP, but I don't like to use NFS, and I think Samba is way more reliable.

Thanks,
--
Felipe Lemos
The other line moves faster.

TAKAHASHI Motonobu
2011-Jan-17 17:15 UTC
[Samba] Auth on OpenLDAP with idmap without Windows
2011/1/18 Scald Master <scaldmaster at gmail.com>:
> Let me know if this scenario is possible:
> I want a samba server authenticating on OpenLDAP with IDMAP, without
> creating any local user on server.
(snip)
> So my question is: It's possible to auth users on a samba server
> against a OpenLDAP server without the need of a Windows environment?
> To be honest, I don't need a Samba Domain, the server will be only a
> file server.

Basically, yes.

Samba users can be stored in LDAP without a Samba Domain. Simply set "passdb backend = ldapsam" instead of tdbsam or smbpasswd, and correctly set some parameters such as "ldap admin dn", "ldap suffix" and "ldap user dn".

UNIX users can also be stored in LDAP with nss_ldap.

Remember that there are few documents that mention such an environment.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>

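The setup described in the reply above, as an added smb.conf sketch that is not part of the original thread. The host name, DNs, group name and share path are placeholder assumptions, and the parameter names are the ones documented in smb.conf(5).

```ini
# Added example: standalone Samba file server with accounts in OpenLDAP.
# No Windows domain and no Samba domain are involved.
[global]
    # Plain user-level authentication, checked against the passdb backend.
    security = user

    # Look up Samba accounts in LDAP instead of tdbsam or smbpasswd.
    # ldap.example.org is a placeholder host.
    passdb backend = ldapsam:ldap://ldap.example.org

    # Base DN of the directory (placeholder).
    ldap suffix = dc=example,dc=org

    # Sub-trees for users and groups, relative to "ldap suffix".
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups

    # DN Samba binds as when it reads and writes account entries.
    # Give this DN access to the Samba attributes only, not to the
    # whole directory.
    ldap admin dn = cn=samba,dc=example,dc=org

    # Use StartTLS so the bind password and the password hashes held
    # in the account entries do not cross the network in clear text.
    ldap ssl = start tls

[data]
    # Placeholder share, limited to members of the UNIX group "staff",
    # which is itself resolved from LDAP through NSS.
    path = /srv/samba/data
    valid users = @staff
    read only = no
```

The bind password for "ldap admin dn" is not written in smb.conf: `smbpasswd -W` prompts for it and stores it in secrets.tdb. Each user entry needs the sambaSamAccount object class from samba.schema and must also resolve as a UNIX account through NSS (for example nss_ldap), which is what removes the need for local users on the server.
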
Felipe, have you considered using FUSE? With it you could use SSH to mount almost any directory on the target server, and it's fine to have multiple connections like that. I don't know if your performance would be good or not... But you could then just set up PAM to use OpenLDAP for auth.

Just a thought... it might be easier to google for this instead.

> Hi,
>
> Let me know if this scenario is possible:
> I want a samba server authenticating on OpenLDAP with IDMAP, without
> creating any local user on server.
>
> My environment is: many linux clients, a OpenLDAP server and some
> services authenticating against it.
> We don't use Active Directory nor we have any Windows server or client.
>
> I don't know if this is possible and i've searched a lot through samba
> documentation and on google.
> All the documentation I found shows a samba always as a ADS Domain Member, like:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2607186
>
> So my question is: It's possible to auth users on a samba server
> against a OpenLDAP server without the need of a Windows environment?
> To be honest, I don't need a Samba Domain, the server will be only a
> file server.
>
> I know is possible to auth NFS on LDAP but I don't like to use NFS,
> and I think samba is way more reliable.
>
> Thanks,
> --
> Felipe Lemos
> The other line moves faster.