Why isn't anybody thinking about ldap?
Pam_ldap in particular.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Christian Naumer via samba
> Sent: Wednesday 24 May 2017 13:43
> To: Rowland Penny; samba at lists.samba.org
> CC: Daniele Bernazzi
> Subject: Re: [Samba] samba 4 in AD 2008R2 without winbind
>
> It might work if you use winbind with the idmap_nss module. See here:
>
> https://www.samba.org/samba/docs/man/manpages-3/idmap_nss.8.html
>
> Or maybe this is deprecated?
>
> Regards
>
> Christian
>
> On Wednesday, 24.05.2017, 12:12 +0100, Rowland Penny via samba wrote:
> > On Wed, 24 May 2017 12:54:48 +0200 (CEST) Daniele Bernazzi
> > <daniele at ao-siena.toscana.it> wrote:
> >
> > > So far for standalone server, Rowland, but is it not possible to
> > > authenticate (just authenticate) on Active Directory? This
> > > configuration is now working on another server with samba 3 ...
> > > access is allowed to users declared in /etc/passwd (these users do
> > > not have a unix password) and the client transparently uses the
> > > password they supplied at login time. I am not able to replicate this
> > > configuration in samba 4
> >
> > I cannot see how this will work, to authenticate to AD your computer
> > would have to be joined to the domain, at which point your user would
> > have to only be in AD. I am not saying it will not work, I just don't
> > understand how it can.
> >
> > Can you post the smb.conf from the Samba 3 machine ?
> >
> > Rowland
>
> --
> Dr. Christian Naumer
> Research Scientist
> Platform Coordinator, Bioprocess Engineering
>
> B.R.A.I.N Aktiengesellschaft
> Darmstaedter Str. 34-36, D-64673 Zwingenberg
> e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
> fon +49-6251-9331-30 / fax +49-6251-9331-11
>
> Registered office: Zwingenberg/Bergstrasse
> Court of registration: AG Darmstadt, HRB 24758
> Executive board: Dr. Juergen Eck (Chairman), Frank Goebel
> Chairman of the supervisory board: Dr. Ludger Mueller

----- Original message -----
> From: "L.P.H. van Belle via samba" <samba at lists.samba.org>
> To: samba at lists.samba.org
> Sent: Wednesday, 24 May 2017 14:23:47
> Subject: Re: [Samba] samba 4 in AD 2008R2 without winbind
>
> Why isn't anybody thinking about ldap?
> Pam_ldap in particular.
>
> Greetz,
>
> Louis

I did have a look at samba with ldap but it does not work without altering the AD schema.
With pam_ldap you mean another way, don't you?
Important for me is the transparency for the Windows environment.

Daniele

Well, I can make squid plain text password auth work against AD without a join, so this is configurable.

I was thinking about something like this:

https://www.howtoforge.com/linux_ldap_authentication
Start from the point "Client configuration".
Your server is already done (your Windows AD DC).

You may need to set up TLS/SSL first to connect to your server.

Greetz,

Louis

> -----Original message-----
> From: Daniele Bernazzi [mailto:daniele at ao-siena.toscana.it]
> Sent: Wednesday 24 May 2017 14:38
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] samba 4 in AD 2008R2 without winbind
>
> ----- Original message -----
> > From: "L.P.H. van Belle via samba" <samba at lists.samba.org>
> > To: samba at lists.samba.org
> > Sent: Wednesday, 24 May 2017 14:23:47
> > Subject: Re: [Samba] samba 4 in AD 2008R2 without winbind
> >
> > Why isn't anybody thinking about ldap?
> > Pam_ldap in particular.
> >
> > Greetz,
> >
> > Louis
>
> I did have a look at samba with ldap but it does not work
> without altering the AD schema.
> With pam_ldap you mean another way, don't you?
> Important for me is the transparency for the Windows environment.
>
> Daniele

----- Original message -----
> From: "L.P.H. van Belle via samba" <samba at lists.samba.org>
> To: samba at lists.samba.org
> Sent: Wednesday, 24 May 2017 14:46:50
> Subject: Re: [Samba] samba 4 in AD 2008R2 without winbind
>
> Well, I can make squid plain text password auth work against AD without
> a join, so this is configurable.
>
> I was thinking about something like this:
>
> https://www.howtoforge.com/linux_ldap_authentication
> Start from the point "Client configuration".
> Your server is already done (your Windows AD DC).
>
> You may need to set up TLS/SSL first to connect to your server.
>
> Greetz,
>
> Louis

Hi Louis,

I had a look at the doc, but it looks like it does not fit my environment. If I am not wrong, samba is active as a standalone server (no need to join the domain) and for authentication it uses pam, which uses ldap. But ldap is configured in a quite strict manner, expecting to find the username in a specific OU; this is not possible in my environment because people change OU and new OUs are created as needed.

From your and Rowland's answers I guess it is not possible to use samba in ADS mode without winbind! I am a bit disappointed by this conclusion and I hope to be wrong; anyway, I did not find help or docs practically supporting an opposite conclusion!

Do you agree?

thank you

Daniele