john
2015-Apr-20 19:50 UTC
[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?
Hi Rowland, On Mon, Apr 20, 2015 at 10:29 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:> OK, I understand a bit better where your problems lie. I would still use > backports, supported code is (hopefully) better code :-) >I am certainly willing to do that.> > >> >> I'd be willing to do that if it got me support for UPN names (see below) >> >> >> I installed NSLCD to allow users in AD to authenticate against >> my linux >> server per >> >> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd >> >> >> Why use nlscd ? why not use winbind, see: >> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >> >> >> My impression from this thread >> https://lists.samba.org/archive/samba/2014-May/181372.html >> >> is that Winbind doesn't support UPN names. This was my lame-brain >> attempt to "work around" that issue. >> > > I use winbind and using the UPN seems to work for smbclient: > > smbclient \\\\xp.example.com\\shared -Urowland at example.com > Enter rowland at example.com's password: > Domain=[EXAMPLE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] > smb: \> > > Is this the way you mean ? > >Well that appears to be what I want, but that doesn't work in my case. Can I see the smb.conf file? As I mentioned my PDC is a Windows box and this Samba server is a member server. I am trying to keep this as simple as possible. Since I am able to see UID/GID information via the method outlined on the Samba wiki https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd#Method_1:_Connecting_to_AD_via_Bind_DN_and_password it seems like the missing part is getting winbind to use that information. Can you guide me on the proper approach? Thanks! John
Rowland Penny
2015-Apr-20 20:17 UTC
[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?
On 20/04/15 20:50, john wrote:> Hi Rowland, > > On Mon, Apr 20, 2015 at 10:29 AM, Rowland Penny <rowlandpenny at googlemail.com >> wrote: > >> OK, I understand a bit better where your problems lie. I would still use >> backports, supported code is (hopefully) better code :-) >> > I am certainly willing to do that. > > >> >>> I'd be willing to do that if it got me support for UPN names (see below) >>> >>> >>> I installed NSLCD to allow users in AD to authenticate against >>> my linux >>> server per >>> >>> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd >>> >>> >>> Why use nlscd ? why not use winbind, see: >>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >>> >>> >>> My impression from this thread >>> https://lists.samba.org/archive/samba/2014-May/181372.html >>> >>> is that Winbind doesn't support UPN names. This was my lame-brain >>> attempt to "work around" that issue. >>> >> I use winbind and using the UPN seems to work for smbclient: >> >> smbclient \\\\xp.example.com\\shared -Urowland at example.com >> Enter rowland at example.com's password: >> Domain=[EXAMPLE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] >> smb: \> >> >> Is this the way you mean ? >> >> > Well that appears to be what I want, but that doesn't work in my case. Can > I see the smb.conf file? As I mentioned my PDC is a Windows box and this > Samba server is a member server. I am trying to keep this as simple as > possible. > > Since I am able to see UID/GID information via the method outlined on the > Samba wiki > https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd#Method_1:_Connecting_to_AD_via_Bind_DN_and_password > > it seems like the missing part is getting winbind to use that information. > Can you guide me on the proper approach? > > Thanks! > > JohnOK, have a look here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server That is basically my smb.conf (and when I say 'my' I really mean that is 'my' smb.conf) Rowland
john
2015-Apr-20 20:50 UTC
[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?
Thank you Rowland, so it looks like kerberos should be my authentication method and that I'll need to install rfc2307 extensions in my Active Directory environment in order to use your approach. Your approach supports UPN names for access to shares and It also appears that I won't need to use nslcd at all. Does all of that sound correct to you? Thanks again! John On Mon, Apr 20, 2015 at 1:17 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:>> it seems like the missing part is getting winbind to use that information. >> Can you guide me on the proper approach? >> >> Thanks! >> >> John > > > OK, have a look here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > > That is basically my smb.conf (and when I say 'my' I really mean that is 'my' smb.conf) > > Rowland
Apparently Analagous Threads
- NSLCD works, do I need RFC2307 extensions enabled in AD as well?
- NSLCD works, do I need RFC2307 extensions enabled in AD as well?
- NSLCD works, do I need RFC2307 extensions enabled in AD as well?
- NSLCD works, do I need RFC2307 extensions enabled in AD as well?
- NSLCD works, do I need RFC2307 extensions enabled in AD as well?