Hi all,

What exactly is the difference between ldap and ldapsam compilations?
What functional differences are there for samba? I assume you can do
user authentication with just ldap? Is ldapsam only necessary for PDC
functionality?

There seems to be loads of documentation on Samba-as-PDC-to-LDAP, but
virtually none that I could find for just samba-to-ldap (over TLS, so
no PAM) user authentication (I'm not interested in setting up a
samba-based PDC, although I will if I have to).

Thanks,
Philip Juels
pjuels@rics.bwh.harvard.edu

On Mon, 2004-02-02 at 07:59, Philip Juels wrote:
> Hi all,
>
> What exactly is the difference between ldap and ldapsam compilations?
> What functional differences are there for samba? I assume you can do
> user authentication with just ldap?
---
why would you assume that? samba has always maintained its own db for user accounts - the posix attributes don't contain information fields necessary for samba usage.

LDAP is its own entity - ldapsam is just one of several options for backend storage of users/groups/computers that have significance in a Windows network
---
> Is ldapsam only necessary for PDC
> functionality?
---
ldapsam isn't necessary for PDC functionality - but some backend type is necessary for samba functionality. The choice of which one to use and how to use it is yours.
---
>
> There seems to be loads of documentation on Samba-as-PDC-to-LDAP, but
> virtually none that I could find for just samba-to-ldap (over TLS, so
> no PAM)
---
do you have other services that authenticate to LDAP without PAM? if so, why not try to implement the model that you've already got in place?
---
> user authentication (I'm not interested in setting up a
> samba-based PDC, although I will if I have to).
---
I haven't figured out why you would have to make a samba PDC but you haven't figured out what you want to do. If you have LDAP & PAM already handling authentication for resource level stuff, this may be all you need and just using a simple backend like passwd backend or tdbsam backend to store users & groups & machines stuff. Unless you fully integrate with LDAP (ldapsam), there is only your scripting to try to link the LDAP users & passwords to samba.

Craig

On Tue, 2004-02-03 at 01:59, Philip Juels wrote:
> Hi all,
>
> What exactly is the difference between ldap and ldapsam compilations?

Are you talking about configure options?

--with-ldapsam is just a compatibility option for Samba 2.2, to make it possible for existing sites to easily upgrade. (it changes smb.conf defaults and options only).

--with-ldap is the default, and tells us that we should try and use ldap, both for our passdb, and for ADS and the like.

Andrew Bartlett

--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net