Miroslav Keš
2020-Nov-03 19:03 UTC
[Samba] UNIX/Linux system authentication using Samba LDAP ?
Hello!

I'm administrating a FreeBSD server in an office where we do cross-platform development. People use both Linux and Windows workstations for the development.

I have an OpenLDAP server running on the FreeBSD server that is used for both:

    - system authentication of users on the server itself and the Linux workstations
    - authentication of users for Samba shares on the server itself and for Samba servers running on the Linux workstations.

It looks like the Samba authentication against the OpenLDAP server is not supported anymore.

The Release notes for Samba 4.13 state that:

"Samba 4.13 deprecates Samba's original domain controller mode. Sites using Samba as a Domain Controller should upgrade from the NT4-like 'classic' Domain Controller to a Samba Active Directory DC to ensure full operation with modern windows clients."

The FAQ states:

Do Samba AD DCs Support OpenLDAP or Other LDAP Servers as the Back End?
Active Directory requires features, such as ACLs stored within the directory and a different schema, that are not supported by LDAP servers.

It is quite annoying as there are other applications authenticated against the OpenLDAP server and suddenly the whole coexistence is gone. :-/

But anyway, is it possible to use the Samba's internal LDAP server and use it as a replacement of the OpenLDAP server?

If so, how does the administration (e.g. adding new attribute schemas for other applications) of the Samba LDAP server look like?

Thank you!

Mira
Rowland Penny
2020-Nov-03 19:28 UTC
[Samba] UNIX/Linux system authentication using Samba LDAP ?
On 03/11/2020 19:03, Miroslav Keš via samba wrote:
> Hello!
>
> I'm administrating a FreeBSD server in an office where we do cross-platform development. People use both Linux and Windows workstations for the development.
>
> I have an OpenLDAP server running on the FreeBSD server that is used for both:
>
>     - system authentication of users on the server itself and the Linux workstations
>
>     - authentication of users for Samba shares on the server itself and for Samba servers running on the Linux workstations.
>
>
> It is quite annoying as there are other applications authenticated against the OpenLDAP server and suddenly the whole coexistence is gone. :-/

Hardly suddenly, we have been discussing this on here for a couple of years now, also this is being forced on us by Microsoft. They really want to get away from SMBv1, so Samba must follow them and you must have SMBv1 for an NT4-style domain. However, for the moment, you can still use NT4-style domains, Samba is just giving warning that they will disappear one day and when that day comes, I understand that the last version that does work with them will have long term security support.

> But anyway, is it possible to use the Samba's internal LDAP server and use it as a replacement of the OpenLDAP server?

Yes, this probably will be possible, what do you have in ldap?

> If so, how does the administration (e.g. adding new attribute schemas for other applications) of the Samba LDAP server look like?

Pretty much like openldap, have a look here:

https://wiki.samba.org/index.php/Samba_AD_schema_extensions

Rowland