Ralf G. R. Bergs
2006-Jun-23 12:53 UTC
[Samba] Samba 3.0.22: share be r/w for LDAP-authenticated users, r/o for anonymous
Hi there,

we need to implement the following scenario:

- Samba server 3.0.22 (NOT acting as a domain controller; we don't use Windows networking domains)
- users use Linux and Windoze
- anonymous users accessing a certain share should be granted read-only access
- successfully authenticated users should be given read-write access
- authentication should be performed against an LDAP that contains entries like this:

    dn: cn=rb,dc=intra,dc=ourdom,dc=de
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: jabberuser
    jid: rb@intra.ourdom.de
    o: ourcompany
    cn: rb
    sn: Bergs
    givenName: Ralf
    telephoneNumber: +49xxxxxxx
    mobile: +49xxxxxxxx
    userPassword: secret
    roomNumber: 4711

The "userPassword" key contains the password that is to be checked, the "cn" key the username for the respective user.

Can this be accomplished? Is there anyone who would like to share some config snippets with me?

I did some search on Google and found something pertaining to Samba 2.x, but this doesn't work anymore since LDAP support seems to have changed much since then.

Thanks for any help you can give.

Cheers,

Ralf
Michael Gasch
2006-Jun-26 10:20 UTC
[Samba] Samba 3.0.22: share be r/w for LDAP-authenticated users, r/o for anonymous
hi,

some hints:

- unauthenticated can be treated as guests (map to guest =, read list = <guestaccount>)
- there're several threads about plaintext password support and samba v3

you should try to play with encrypt passwords = no and maybe pam (obey pam restrictions = yes)

just my 2 cents

greez

Ralf G. R. Bergs wrote:
> Hi there,
>
> we need to implement the following scenario:
>
> - Samba server 3.0.22 (NOT acting as a domain controller; we don't use
> Windows networking domains)
> - users use Linux and Windoze
> - anonymous users accessing a certain share should be granted read-only
> access
> - successfully authenticated users should be given read-write access
> - authentication should be performed against an LDAP that contains
> entries like this:
>
> dn: cn=rb,dc=intra,dc=ourdom,dc=de
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: jabberuser
> jid: rb@intra.ourdom.de
> o: ourcompany
> cn: rb
> sn: Bergs
> givenName: Ralf
> telephoneNumber: +49xxxxxxx
> mobile: +49xxxxxxxx
> userPassword: secret
> roomNumber: 4711
>
> The "userPassword" key contains the password that is to be checked, the
> "cn" key the username for the respective user.
>
> Can this be accomplished? Is there anyone who would like to share some
> config snippets with me?
>
> I did some search on Google and found something pertaining to Samba 2.x,
> but this doesn't work anymore since LDAP support seems to have changed
> much since then.
>
> Thanks for any help you can give.
>
> Cheers,
>
> Ralf

--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
       49 (0)341 - 3550 374
Fax: 49 (0)341 - 3550 399
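
The hints in the reply above, assembled into one smb.conf sketch; this is an added example, not configuration posted by either participant. Assumptions: the share name and path are placeholders, the guest account is nobody, PAM's samba service is already set up to check passwords against the LDAP directory, and every LDAP user also resolves to a Unix account on the server.

```ini
[global]
    security = user

    # The directory holds only userPassword, not the NT/LM hashes that
    # encrypted SMB authentication needs, so the client has to send the
    # password in plaintext for the server to check it via PAM.
    encrypt passwords = no
    obey pam restrictions = yes

    # A logon with a username the server does not know becomes a guest
    # session; a known username with a wrong password is still rejected.
    map to guest = Bad User
    guest account = nobody

# Share name and path below are placeholders (assumed, not from the thread).
[shared]
    path = /srv/samba/shared
    guest ok = yes

    # Authenticated users may write ...
    writable = yes

    # ... but anyone in "read list" is held to read-only regardless of
    # "writable", which is what pins the guest account to r/o access.
    read list = nobody
```

With encrypt passwords = no the password crosses the network in clear text, and with map to guest = Bad User a name that does not resolve to a Unix account gets the read-only guest session rather than a logon failure. Filesystem permissions on the path still apply on top of these settings, so the directory has to be readable by nobody and writable by the authenticated users.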