Hi all, i'm a bit confused, can i setup samba (3.0.30) with LDAP backend, and have the "posix/local linux" users and groups reside in the /etc/groups /etc/shadow ect. ect (the standard linux files) ??? or do i have to put them in ldap also ?? (is there a choice?) Greets, Collen
you'll need to put your posix users in ldap, because samba will add the sambaSamAccount values to them in ldap. Collen Blijenberg wrote:> Hi all, i'm a bit confused, > > can i setup samba (3.0.30) with LDAP backend, and have the > "posix/local linux" users and groups > reside in the /etc/groups /etc/shadow ect. ect (the standard linux > files) ??? > > or do i have to put them in ldap also ?? > (is there a choice?) > > Greets, Collen > > > >
"Collen Blijenberg" <collen@hermanjordan.nl> wrote in message news:4847FDB2.7080100@hermanjordan.nl...> Hi all, i'm a bit confused, > > can i setup samba (3.0.30) with LDAP backend, and have the "posix/local > linux" users and groups > reside in the /etc/groups /etc/shadow ect. ect (the standard linux > files) ??? > > or do i have to put them in ldap also ?? > (is there a choice?) > > Greets, CollenI have done this in the past. I haven't tried this on a recent version so I don't know if it will still work. Back then I didn't understand how to use the smbldap-tools. As the others have suggested, keeping everything in ldap makes management of your user accounts much easier. To achieve your goal, try the following: Look at the smbldap-tools files to identify the ldif file that the tools import into ldap. Import that file into ldap using your standard ldap commands. In your smb.conf file, your add user script should be the standard Linux adduser command. You can look at the Samba documentation to find the adduser script you should be using if you are not using ldap. That should work. When you add a user, the POSIX info. should be added to the /etc/passwd and the Windows info. should be added to ldap. Make sure to try this out on a test server before using it on a production box. Remember that putting everything in ldap is a better approach.
Coming to think of it, I actually answered something that's not really related to you question, so please just ignore my post. On 6/11/08, Richard Foltyn <richard.foltyn@gmail.com> wrote:> On 6/6/08, Collen Blijenberg <collen@hermanjordan.nl> wrote: >> So correct me if i'm wrong, >> >> in order to use the ldap backend, you need to insert the posix users in >> ldap as well ?? >> there is no way to get it work, with the normal basic setup (passwd >> shadow group ect. files) >> >> that's odd ?! > > Actually this will work too. I have all my POSIX/Samba users in LDAP > except for the root user, since there is no point in duplicating root > in LDAP. As long as you create a samba user with smbpasswd -a root, > Samba will happily fetch the POSIX stuff from /etc/passwd. This should > work for other users as well. > > However, as others have pointed out, this totally defeats the purpose > of using LDAP in the first place. ;) > > - Richard >
The whole point of LDAP is to combine the (considerable) benefits of single-source authentication and single-point administration with the robust reliability of a distributed user database. You don't have that with the shadow suite. If you use an earlier version of samba you can implement the smbpasswd backend instead of LDAP and make your life much simpler. --Charlie On Thu, Jun 5, 2008 at 10:52 AM, Collen Blijenberg <collen@hermanjordan.nl> wrote:> Hi all, i'm a bit confused, > > can i setup samba (3.0.30) with LDAP backend, and have the "posix/local > linux" users and groups > reside in the /etc/groups /etc/shadow ect. ect (the standard linux files) > ??? > > or do i have to put them in ldap also ?? > (is there a choice?) > > Greets, Collen > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >