LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 05-06-2003, 03:30 PM   #1
Linh
Member
 
Registered: Apr 2003
Posts: 178

Rep: Reputation: 30
Samba and LDAP in Linux to authenticate on Windows 2000 PDC


I have successfully setup PAM, Winbind and Samba on a RedHat8 (Linux) computer so that a windows 2000 workstation can login to a Windows 2000 server domain, and then browse and mapped a drive to Redhat8. All of the users and groups information are residing on the Windows 2000 server domain and not on RedHat8.

The limitation of Winbind is that if there are multiple Linux computer that authenticate to a Windows 2000 server domain, then the same user on a Windows 2000 server domain would have a different UID (user id) on each Linux computer that is running Winbind.

Questions:

1) Am I correct that in order to solve this problem, I have to run Samba 2.2.7 with LDAP installed on the Linux machine ?

2) If I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use PAM on the Linux machine ?

3) On RedHat 8 and RedHat 9, if I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use Kerberos authentication on the Linux machine ?

4) On RedHat 8 and RedHat 9, if you run /usr/bin/authconfig, Then there is a section on Kerberos 5 for you to fill out. Am I correct that if Kerberos 5 authentication were to be used then it means that LDAP must be used in conjunction to it ?

Linh
 
Old 05-06-2003, 06:20 PM   #2
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
Re: Samba and LDAP in Linux to authenticate on Windows 2000 PDC

Quote:
Originally posted by Linh
1) Am I correct that in order to solve this problem, I have to run Samba 2.2.7 with LDAP installed on the Linux machine ?
I'm not sure that Samba and LDAP wouldn't solve the problem but you can use rsync to keep the file that holds the mappings between Windows UIDs and Linux UID synchronised on all the machines. That way you'll always gets the same UID on each box you log into with your Win2K Domain (ADS) user.

Quote:
Originally posted by Linh
2) If I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use PAM on the Linux machine ?
As I understand it yes, you'll need PAM and Winbind. Note that you won't need a seperate LDAP server as this is basically what your Win2K domain already provides. Or were you thinking of trying to get Win2K to authenticate against your LDAP server (run for the hills!).?

Quote:
Originally posted by Linh
3) On RedHat 8 and RedHat 9, if I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use Kerberos authentication on the Linux machine ?
Note sure on this one. Win2K ADS use kerberos auth part of its authentication mechanism. I would have though that you would just use PAM and Winbind to talk to the domain controllers directly.

Quote:
Originally posted by Linh
4) On RedHat 8 and RedHat 9, if you run /usr/bin/authconfig, Then there is a section on Kerberos 5 for you to fill out. Am I correct that if Kerberos 5 authentication were to be used then it means that LDAP must be used in conjunction to it ?
Pass... Sorry I don't use Redhat and don't really know much about Kerberos...

cheers

Jamie...
 
Old 05-09-2003, 07:24 AM   #3
ckone
Member
 
Registered: Mar 2003
Location: el paso
Distribution: Redhat, Suse, and freebsd
Posts: 90

Rep: Reputation: 15
know I'm a little bit fuzzy on your setup. Maybe you over looked this idea or concept.

First of all you have a strong understanding of Server to client relationship. The problem is your confusing me.

We know a client computer accesses files on a Server.

But the way your approaching this to me is confusing me.

Your stating your running a Linux Samba Server and a Windows 2000 Server.

look at my example of how the files should be shared ok.


linux Samba Server
Linux client computers should then be hooked up to the Samba Server and share files directly to the Samba Server.


Windows 2000 Server
WIndows 2000 pro or clients should save files to the Windows 2000 Server.

What I'm implying is that if a server is used to save data and share documents.

Why are you trying to force the Windows 2000 server to connect to multiple sessions of Samba if all you need to do is setup the Samba server to share files to its local pool of computers being the linux workstations.

What I'm saying is all the Samba Server in your case is used for is a gateway to the Windows 2000 server to share resources.

The next point is do you need more then one Samba Server to access the Windows 2000 server because it puts to much of a load on the Single samba sever....

The question I might have is can the Unix Samba server share the mounted folder that is in the Root folder or can you create a user account on the Samba server for users to mount there own shares with windows 2000 Server. Which would allow each individual to login to a dummy terminal and access the Samba share themselves without using the root account.

You brought up some good points I feel. Maybe one day Samba might produce the product to allow Linux clients to connect individually on a workstation by workstation basis.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba-3 PDC trusting M$ Windows 2000 & AD climbingmerlin Linux - Networking 1 08-14-2005 07:11 AM
Samba PDC can't authenticate root account. gani Linux - Newbie 7 08-27-2004 08:20 PM
Samba won't authenticate against NT PDC gvaught Linux - Networking 3 01-29-2004 03:28 PM
Windows 2000 Samba PDC BarrySharpen Linux - Networking 6 03-31-2003 08:23 AM
Windows 9x and NT/2000 profiles on Samba PDC ppuddick Linux - Networking 0 11-29-2002 05:32 AM


All times are GMT -5. The time now is 09:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration