Hello,

is it possible to use samba with authentication over sssd?
I have two different openLDAP servers in different places. Each provides
logins for ssh, su, samba and many other things. In samba I use
passdb backend = ldapsam:ldap://...
The uid/gid numbers differ, so that when merging no overlap exists.
Now I am trying sssd and it works fine for su and ssh (over nsswitch
and pam). It enables logins independent of the LDAP source. But for samba
I can't find a solution that works too.

In future I would like to use a third source which is not in my own
hands. So merging my own LDAPs into one server is not a
solution.

Does somebody have any advice?

With regards
Andreas Matthus

--
Dipl.-Phys. Andreas Matthus
Netzwerkadministrator
Technische Universität Dresden
Fakultät Architektur
01062 Dresden
Tel.: +49 (351) 463-33909
Fax: +49 (351) 463-36120
E-Mail: andreas.matthus at tu-dresden.de

On Thu, 6 Oct 2016 09:04:41 +0200 Andreas Matthus via samba <samba at lists.samba.org> wrote:

> Hello,
>
> is it possible to use samba with authentication over sssd?
> I have two different openLDAP servers in different places. Each provides
> logins for ssh, su, samba and many other things. In samba I use
> passdb backend = ldapsam:ldap://...
> The uid/gid numbers differ, so that when merging no overlap exists.
> Now I am trying sssd and it works fine for su and ssh (over nsswitch
> and pam). It enables logins independent of the LDAP source. But for samba
> I can't find a solution that works too.
>
> In future I would like to use a third source which is not in my own
> hands. So merging my own LDAPs into one server is not a
> solution.
>
> Does somebody have any advice?
>
> With regards
> Andreas Matthus
>

You can use sssd with Samba, but I think you are asking in the wrong
place. sssd is not a Samba product; can I suggest you ask your question
on the sssd-users mailing list?

Rowland

On Thu, 6 Oct 2016, Andreas Matthus via samba wrote:

> is it possible to use samba with authentication over sssd?

You need to clarify what usage of samba you are referring to.

Samba active directory domain controller...yes. AD is LDAP-based, so it
will work with anything that uses LDAP. Also if you have a semi-recent
version of sssd (1.10+), it has a module specifically for AD:
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server

Samba NT4 PDC...probably not. NT4 domains are too nonstandard, Samba is
basically the only thing that supports it. Samba NT4 PDCs do support
external LDAP servers, but I doubt you can have more than one directory
as a backend.

Samba file server (smbd)...probably not. It effectively supports Windows
authentication or its own internal authentication. You might be able to
set up a samba NT4 PDC using an external LDAP server as an intermediary
between smbd. However, like above, I'm not sure if there would be any way
to merge multiple LDAP servers.