Sahibzada Junaid Noor wrote:
>Hi,
>
> I have found some contradictions in the samba
>documentation. i am writing them down here so if you
>can please verify them.
>
> in heading 4.3.3 of the documentation it says
>
> " When samba is operating in security = domain mode
>, the samba server has a domain security trust account
>( a machine account) and causes all authentication
>requests to be passed through to the domain
>controllers."
>
>ok this means the windows domain controller is going
>to do the authentication, authorizing stuff.
>
> now look here
>
> under heading 7.3 there is a note which says
>
>" when samba is configured to use an LDAP , or other
>indentity management and or directory service , it is
>samba that continues to perform user and machine
>authentication. it should be noted that the LDAP
>server does not perform authentication handling in
>place of what samba is designed to do"
>
>now what does this means?
>
>according to 4.3.3 samba sends all authentication
>requests to the windows AD. in 7.3 it says that it
>doesnt send requests at all. then why will it use an
>LDAP backend?
>
>plz comment on this.
>
>====>
> Sahibzada Junaid Noor
> Ph # (+92) (051) 5950 940
> Cell # (+92) (0333) 5223586
> Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
> Rawalpindi
> Islamic Republic of Pakistan
>
>
>
I didn't lookup the documentation you're referring to, but to answer
your question, LDAP authentication would not be performed in security =
domain. Security = domain is designed to allow your Samba server to
authenticate against a Windows NT4 controlled domain (for Active
Directory see security = ads, and for all options, please see the
smb.conf manpage).
Clint