hello I want to know if I can use Samba 4.1.6-ubuntu to authenticate against an LDAP (v.2.4). I need that users can access to a shared folder only if samba find the account in the LDAP. The parameter passdb backend does not work to me. Regard, Juan Pardo
On 31/07/15 08:08, Juan Pardo wrote:> hello > > I want to know if I can use Samba 4.1.6-ubuntu to authenticate against an LDAP (v.2.4). I need that users can access to a shared folder only if samba find the account in the LDAP. The parameter passdb backend does not work to me. > > Regard, > Juan PardoYou can use samba 4 just like samba 3 and use LDAP for authentication, but something tells me this is not what you mean. If you mean 'can I set up samba 4 as an AD DC with an LDAP backend instead of the builtin LDAP server' then the answer is no. It may help us to help you, if you could describe a bit better what you are trying to achieve and what you have done so far to try and get it working. Rowland
Hi Rowland, > If you mean 'can I set up samba 4 as an AD DC with an LDAP backend > instead of the builtin LDAP server' then the answer is no. does samba 4 works with external LDAP server if it isn't working as AD DC? I'm a bit confused because I want to update from samba 3 to 4 and using our internal LDAP server to authenticate the users. cu - Bernd
Hello,
First of all, thanks for all the answers.
Our problem is similar to Bern's case. Is the same problem but we aren't
upgrading from Samba 3 to Samba 4.
In our case, we have an Identity Manager who have all the users and groups of
our organization. IDM also loads this information in one Microsoft AD. We need
to install one Samba server with one LDAP (in the same machine of samba server)
with the same information contained in Active Directory but without being member
of the Microsoft Domain.
Really we have two problems, first of all, we need to validate user with LDAP
instance in the same machine with the backend paramerter in the smb.conf (see
attached file) and second, how can we load all the accounts info in this LDAP
instance?
As you can see in the image, in the samba's log we could connect to LDAP
(smbldap_open_connection: connection opened) but samba couldn't find the
user.
In our smb.conf, we have this configuration related to LDAP:
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=dominio,dc=es
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=dominio,dc=es
ldap passwd sync = yes
Regards,
Juan Pardo
El Viernes 31 de julio de 2015 9:08, Juan Pardo <jpardo1976 at
yahoo.es> escribió:
hello
I want to know if I can use Samba 4.1.6-ubuntu to authenticate against an LDAP
(v.2.4). I need that users can access to a shared folder only if samba find
the account in the LDAP. The parameter passdb backend does not work to me.
Regard,
Juan Pardo
On 03/08/15 09:00, Juan Pardo wrote:> Hello, > > First of all, thanks for all the answers. > > Our problem is similar to Bern's case. Is the same problem but we aren't upgrading from Samba 3 to Samba 4. > > In our case, we have an Identity Manager who have all the users and groups of our organization. IDM also loads this information in one Microsoft AD. We need to install one Samba server with one LDAP (in the same machine of samba server) with the same information contained in Active Directory but without being member of the Microsoft Domain. > > Really we have two problems, first of all, we need to validate user with LDAP instance in the same machine with the backend paramerter in the smb.conf (see attached file) and second, how can we load all the accounts info in this LDAP instance? > > As you can see in the image, in the samba's log we could connect to LDAP (smbldap_open_connection: connection opened) but samba couldn't find the user. > > In our smb.conf, we have this configuration related to LDAP: > > passdb backend = ldapsam:ldap://localhost > ldap suffix = dc=dominio,dc=es > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap idmap suffix = ou=Idmap > ldap admin dn = cn=admin,dc=dominio,dc=es > ldap passwd sync = yes > > Regards, > > Juan Pardo > > > El Viernes 31 de julio de 2015 9:08, Juan Pardo <jpardo1976 at yahoo.es> escribió: > > > hello > > I want to know if I can use Samba 4.1.6-ubuntu to authenticate against an LDAP (v.2.4). I need that users can access to a shared folder only if samba find the account in the LDAP. The parameter passdb backend does not work to me. > > Regard, > Juan Pardo > > >Hi, I wonder if using LDAP as a proxy would work for you, see here: https://wiki.samba.org/index.php/Authenticating_other_services_against_AD#openLDAP_proxy_to_AD Rowland