Hello,

I am seriously considering switching over my authentication system from the standard passwd/smbpasswd to an LDAP-based system that can authenticate *BOTH* UNIX and Windows systems and users. Here are a couple of questions that I have, and I would greatly appreciate some answers. ;-)

Will the schema file used by Samba also support UNIX users attempting to authenticate? In other words, can I use the same LDAP server to authenticate both Windows and UNIX users? I know I can set up Linux to authenticate against an LDAP database, but is there any required schema for Linux to do so, or will the schema provided with Samba work for this purpose? Also, if this will work, what about Solaris? IRIX? I also have these systems, and I would like to have them authenticate against my LDAP database, once set up, as well.

Another question: will the Samba LDAP server setup also support being accessed from a program like Outlook Express, for the retrieval of e-mail addresses, etc.?

Are there any major problems with the LDAP implementation in the SAMBA_2_2 branch? I plan on using it with XFS ACLs and domain logons (obviously) . . . also, I need to be able to continue to change passwords from Windows clients . . . does Samba combined with LDAP support this? Are there any problems that would prevent me from doing all of this?

I would appreciate anything you can send me . . . configuration files, additional schema files, etc. . . . I am totally inexperienced with LDAP, but I am going to sit down and set it up this weekend. I plan on installing OpenLDAP on my Sun SPARCstation 5 running Linux this weekend, and I plan on using that as my authentication source. Any and all notes regarding Samba & LDAP would be *GREATLY* appreciated.

Thanks, in advance!

-------------------------------------
Sean P. Elble
Systems/Network Engineer
UNIX/Linux/Windows NT/2000
SES Computer Systems
elbles@sessys.com
-------------------------------------
Hi,

> I am seriously considering switching over my authentication system from the

Go for it!

> Will the schema file used by Samba also support UNIX users attempting to
> authenticate? In other words, can I use the same LDAP server to authenticate
> both Windows and UNIX users? I know I can setup Linux to authenticate

Yes. The howtos for samba-tng describe how to do this. Check www.samba-tng/docs.html for an overview. Also, I think there's some in the howto that follows the src. Basic message: use the nss/pam-ldap tools from padl.com. RH makes this very easy to set up.

> this will work, what about Solaris? IRIX? I also have these systems, and I
> would like to have them authenticate against my LDAP database, once setup,
> as well.

If they support pam, you should be fine.

> Another question: will the Samba LDAP server setup also support being able
> to be accessed from a program like Outlook Express, for the retrival of
> e-mail addresses, etc?

Yes, but it's not very efficient.

Another tip: www.bayour.com for an explanation of SASL.

Tarjei
Hi,

I don't know if this is a common problem, but here it is. I'm using RedHat 2.1AS with samba 2.2.7 and openldap. I want to build my samba server as PDC with LDAP auth, so I recompiled samba --with-ldapsam. It all works very fine, but there is a problem with WinXP PCs (I have installed WinXP_SignOrSeal.reg): WinXP wants to add the machine name, but there is this problem that I'm getting in my log file:

[2003/04/08 09:38:46, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)
  User milos-test$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user.

Do I need to have the machine name in my passwd file??? Why can't I store it in the LDAP server???? Is there any way I can do that, or do I have to create it in the passwd file?

This is the line I'm trying to use, but it won't work:

add user script = "/usr/local/sbin/smbldap-useradd.pl -w %u ; sleep 5"

If I use this, which adds the user to passwd, all works fine:

add user script = /usr/sbin/useradd -d /dev/null -g users -s /bin/false -M %u

Regards,
Milos
On Tue, 2003-04-08 at 04:26, Milos Webmail wrote:

> Do i need to have machine name in my passwd file ??? why can I store it
> in LDAP server ???? is there any way i can do that or do
> i have to create it in passwd file.

Well, you can use nss_ldap if you want to store everything in the ldap db... Another option in samba3 is ldapsam_nua (non unix account), in which machine accounts can be stored in ldap without having a unix account. In samba2 the machine account must exist in both the samba password backend (ldap in your case) and the unix password database (sounds like /etc/passwd in your case).

> add user script = "/usr/local/sbin/smbldap-useradd.pl -w %u ; sleep 5"
>

The idealx tools expect you to be using nss_ldap, I think... so you may have to write your own script to add the machine account to both the ldap store and the unix password db.

brad
-- 
Bradley W. Langhorst <brad@langhorst.com>
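A script of the kind Brad describes, written here as an added example (it is not from the thread, from Samba, or from the IDEALX tools), for the Samba 2.2 case where the machine trust account has to exist both in the UNIX password database and in the LDAP backend. It reuses the useradd line that worked in Milos's post for the UNIX side and then adds a sambaAccount entry over LDAP, and it refuses any name that is not of the form "host$", so the account-creation RPC cannot be used through it to create ordinary UNIX users. Everything in it that is not on the page is an assumption: the suffix, bind DN, secret file and LDAP URI; the objectClass set (Samba 2.2's samba.schema with sambaAccount as an auxiliary class next to account/posixAccount) and gidNumber 100 for "users"; Samba 2.2's default algorithmic uid-to-RID mapping (rid = 2*uid + 1000); the workstation acctFlags value; and ldapadd's -y option for reading the bind password from a file (OpenLDAP 2.1 or later).

```shell
#!/bin/sh
# Added example, not from the thread: a Samba 2.2 "add user script" that
# creates a machine trust account in both places Samba 2.2 checks, the local
# UNIX password database and the LDAP (ldapsam) backend.
# Assumptions (not on the page): the DNs, the objectClass set, the RID
# mapping and the acctFlags value below.

SUFFIX="ou=Computers,dc=example,dc=com"  # assumption: where machine entries live
BINDDN="cn=Manager,dc=example,dc=com"    # assumption: DN allowed to add entries
SECRET_FILE="/etc/samba/ldap.secret"     # assumption: bind password, mode 0600, root-only
LDAP_URI="ldap://localhost/"             # assumption: directory runs on the PDC itself
WORKSTATION_FLAGS='[W          ]'        # assumption: Samba acctFlags for a workstation, 'W' padded to 11 chars

# Accept only machine trust account names: a NetBIOS-style host name
# (1-15 characters) followed by '$'. smbd passes the name in as %u.
is_machine_name() {
    case "$1" in *\$) ;; *) return 1 ;; esac
    host="${1%\$}"
    [ -n "$host" ] && [ "${#host}" -le 15 ] || return 1
    case "$host" in *[!A-Za-z0-9._-]*) return 1 ;; esac
    return 0
}

# Samba 2.2's default algorithmic uid -> RID mapping (assumption: rid = 2*uid + 1000),
# so the RID stored in LDAP agrees with what smbd would derive from the UNIX uid.
rid_for_uid() {
    echo $(( $1 * 2 + 1000 ))
}

# Emit the LDIF for the machine entry. $1 = account name with '$', $2 = its UNIX uid.
# gidNumber 100 is the RedHat "users" group (assumption), matching "-g users" below.
make_machine_ldif() {
    cat <<EOF
dn: uid=$1,$SUFFIX
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaAccount
uid: $1
cn: $1
uidNumber: $2
gidNumber: 100
homeDirectory: /dev/null
loginShell: /bin/false
rid: $(rid_for_uid "$2")
acctFlags: $WORKSTATION_FLAGS
EOF
}

# Called by smbd as: add-machine.sh <host>$
add_machine_account() {
    name="$1"
    if ! is_machine_name "$name"; then
        echo "$0: refusing to create non-machine account '$name'" >&2
        return 1
    fi
    # 1. UNIX side: the same useradd line that worked in Milos's post.
    /usr/sbin/useradd -d /dev/null -g users -s /bin/false -M "$name" || return 1
    uid=$(id -u "$name") || return 1
    # 2. LDAP side: add the sambaAccount entry. -y reads the bind password from
    #    a file so it never shows up in the process list (OpenLDAP 2.1+).
    make_machine_ldif "$name" "$uid" |
        ldapadd -x -H "$LDAP_URI" -D "$BINDDN" -y "$SECRET_FILE"
}

if [ "$#" -eq 1 ]; then
    add_machine_account "$1"
fi
```

With the script installed as, say, /usr/local/sbin/add-machine.sh (an assumed path), the smb.conf line would be `add user script = /usr/local/sbin/add-machine.sh %u`. No trailing `sleep` is needed here, because the UNIX account is created locally and is visible to smbd's getpwnam as soon as useradd returns; the sleep in the IDEALX line only papers over nss_ldap lookup latency.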