schönfeld / in-medias-res
2006-Oct-06 08:39 UTC
[Samba] Samba as PDC, LDAP-based authentication for windows & linux clients
Hi there,

we currently run a Windows Server 2003 terminal server and an NT4 PDC / file server. Additionally, there is a server in the development unit acting as login server for the Linux boxes. We now want to introduce a new file server and thereby replace the NT4 domain controller with a Samba domain controller and consolidate it with the Linux login server.

I'm pretty sure it should be possible to do this with a central LDAP server, Samba and NFS. But there are some pitfalls I may get stuck on, so I want to know if someone has realised something like that before and can answer me some questions. Access control should be handled by POSIX ACLs.

1. Do I need two separate LDAP directories for Linux auth and Samba-based Windows auth? (e.g. because of different password hashes? Or is there maybe a possibility to store passwords in _one_ LDAP directory in _one_ hashing format which works for both Windows and Linux?) If I need separate LDAP directories: where should I start to keep things synchronous?

2. I know that Windows users can change their password on the Windows terminal server. But how do the Linux users do it?

Any tips about that scenario are appreciated.

Thanks in advance
Patrick Schönfeld
Cybionet
2006-Oct-06 23:16 UTC
[Samba] Samba as PDC, LDAP-based authentication for windows & linux clients
Greeting Patrick,

> 1. Do I need two separate LDAP directories for Linux auth and
> Samba-based Windows auth? (e.g. because of different password hashes? Or
> is there maybe a possibility to store passwords in _one_ LDAP directory
> in _one_ hashing format which works for both Windows and Linux?)
> If I need separate LDAP directories: where should I start to keep things
> synchronous?

No, just one LDAP directory works great for the Windows and Linux clients.

> 2. I know that Windows users can change their password on the Windows
> terminal server. But how do the Linux users do it?

I must admit that I have not succeeded with password changes if your Samba+LDAP server uses the 'sambaPwdMustChange' attribute. Otherwise a simple script can change the password for a Linux client on LDAP.

Robert