Tim Jordan, Network Services
2003-Jun-23 22:19 UTC
[Samba] Authentication from W2K PDC..Samba 3.0beta
Hello everyone, Can I use Ldap to authenticate against our W2K PDC? I have winbind working for Samba 2.2.8a - but the boss wants me to see about Ldap. If this is possible could you provide a starting point for me? I can use getent group to get a list of domain groups after I adjusted the /etc/ldap.conf By default Samba found our State Ldap server upon installation - I work for the State of Alaska, USA. TIA, Tim --
On Mon, Jun 23, 2003 at 02:19:06PM -0800, Tim Jordan, Network Services wrote:> Hello everyone, > > Can I use Ldap to authenticate against our W2K PDC? I have winbind > working for Samba 2.2.8a - but the boss wants me to see about Ldap.In a word no. But there is still some means to authenticate to the W2k DC (i assume this is Active Directory) and to use LDAP to store user data. Active Directory is mainly based on Kerberos authentication system plus LDAP for config and user settings storage, the whole glued with proprietary extensions. You could authenticate to the W2k DC using Kerberos (and should so go and look for it on the microsoft website), and then use "pseudo-LDAP" from w2k to get informations, using for exemple credentials obtained from w2k. w2k LDAP does not store passwords as in "nis" settings of openldap for exemple, so you cannot authenticate against it. You should look for the following terms, if you want to get a complete solution : - Active Directory - Microsoft Interoperability web page - MIT Kerberos website - GSSAPI layer (mainly based on SASL system, for barbary terms ;) ) - openldap clients to get information from LDAP servers Jerome Walter -- -+-- J?r?me Walter - I2 EFREI ----+- Equipe Syst?me - Efrei Robotique - Jap'Efrei - Erasmus Tutors "The World is my country" - "Nihon no tomodachi desu" EFREI System and Networking guide http://perso.efrei.fr/~walter/