Hello

Here is my situation, that I wanted to have:

SAMBA SERVER has to use the LDAP User for Authentication
LDAP SERVER with all users and pc entries
Windows AD Server with all users
Only the AD Server gets the active passwords

The LDAP Server has the option to authenticate the user password by SASL Passthrough to the AD Server. This works fine for ssh Login on the SAMBA Server, but only with the LDAP Attribute userPassword.

But samba needs the object sambaNTPassword and SASL the object userpassword.

When I upgrade my Samba to Samba AD DC, will it be possible to use my LDAP Server?

And is it possible to use the SASL Passthrough to the Windows AD Server?

Kind regards
Ute

On Wed, 14 Feb 2024 13:15:42 +0100 Ute Korn via samba <samba at lists.samba.org> wrote:

> Hello
>
> Here is my situation, that I wanted to have:
>
> SAMBA SERVER has to use the LDAP User for Authentication
> LDAP SERVER with all users and pc entries
> Windows AD Server with all users
> Only the AD Server gets the active passwords
>
> The LDAP Server has the option to authenticate the user password by
> SASL Passthrough to the AD Server. This works fine for ssh Login on
> the SAMBA Server, but only with the LDAP Attribute userPassword.
>
> But samba needs the object sambaNTPassword and SASL the object
> userpassword.
>
> When I upgrade my Samba to Samba AD DC, will it be possible to use my
> LDAP Server?
>
> And is it possible to use the SASL Passthrough to the Windows AD
> Server?
>
> Kind regards Ute

What are you using the saslauth for? It might be that you no longer need the ldap server. Active Directory has its own built-in ldap server and you may be able to run Samba as a Unix domain member joined to the AD domain.

The AD schema has the userPassword attribute, but (unless someone knows better) nothing uses it.

Rowland

Hi Ute,

Which LDAP are you using? If you use OpenLDAP, take a look at the rwm Overlay that can translate AD-Attributes to LDAP-Attributes. So just set up an OpenLDAP-Proxy and rewrite all your needed attributes.

Stefan

On 14.02.24 at 13:15, Ute Korn via samba wrote:

> Hello
>
> Here is my situation, that I wanted to have:
>
> SAMBA SERVER has to use the LDAP User for Authentication
> LDAP SERVER with all users and pc entries
> Windows AD Server with all users
> Only the AD Server gets the active passwords
>
> The LDAP Server has the option to authenticate the user password by SASL Passthrough to the AD Server.
> This works fine for ssh Login on the SAMBA Server, but only with the LDAP Attribute userPassword.
>
> But samba needs the object sambaNTPassword and SASL the object userpassword.
>
> When I upgrade my Samba to Samba AD DC, will it be possible to use my LDAP Server?
>
> And is it possible to use the SASL Passthrough to the Windows AD Server?
>
> Kind regards Ute