LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-17-2006, 01:19 AM   #1
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 476

Rep: Reputation: 33
samba client atenticate against LDAP server


Hi

How to authenticate samba3 file server against ldap central server

regards

Asanka
 
Old 07-17-2006, 02:14 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Check if you have samba-docs installed. It includes the book "Samba 3 by Example".
My distro installs a pdf file: /usr/share/doc/packages/samba/Samba3-ByExample.pdf

Others install a postscript file. There is also a section in the "Samba3-HOWTO.pdf", also included with samba-docs, on using ldapsam. Chapter 10.4.4
 
Old 07-17-2006, 03:11 AM   #3
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 476

Original Poster
Rep: Reputation: 33
hi jschiwal

Thanks I was playing with smb.conf and ldap client authentication using redhat-config-autentication all I did was

once I got the ldap client working just add the following to smb.conf hope it is right

# Global parameters
[global]
workgroup = IIL
server string = OFFI-DOC-ONLY
security = DOMAIN
password server = ark

[%U-doc]
comment = Document share only for official use
path = /vol1/%U
read only = No
guest ok = Yes


Any way do you know how the policess works with ldap groups and users

regards

Asanka
 
Old 07-17-2006, 07:39 AM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Is ark a samba pdc? There will be a lot more added in ark's smb.conf file.

Here is a link to a samba-ldap howto:
http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html

According to Chapter 10 section 4.4.6 of Samba 3 by example, Samba-3 group management is based on POSIX groups. Samba_3 dows not support nested groups. If you search for samba.schema: locate samba.schema , you can find sample LDAP files. Also, do you have smbldap-tools installed. It also contains samba/ldap documentation. However, your questions sounds more like a general samba question.
 
Old 07-17-2006, 09:30 PM   #5
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 476

Original Poster
Rep: Reputation: 33
HI

Yes ark is a samba pdc and using LDAP backend and smbldap-tools to manage. This smb.conf is not in the pdc I made it on the file server which I want to authenticate against the pdc.

With this smb.conf it is working ok but I dont know and dont know how to test the authentication part.

When I login in to the pdc from a windows machine (I exist only on pdc) it shows me my share and I can do any thing to that directory. Do you think with this configuration any body can access (is there a security issue). The folders are having only user rwx permissions


Regards

Asanka
 
Old 07-18-2006, 01:44 AM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Code:
[%U-doc]
comment = Document share only for official use
path = /vol1/%U
read only = No
guest ok = Yes
I don't think the guest ok = Yes is correct.

Look in your samba configuration useradd scripts. When a new user is added, I think that the samba useradd script should include a line like:
useradd -s /bin/false %U 2>/dev/null

Also check that each "username-doc" directory is created with 0700 permissions.

However, you are configuring a Domain Member Server as it it were a Domain Member Workstation client. I would recommend that you study Chapter 7 of the Samba3-ByExample.pdf document.
 
Old 07-18-2006, 11:06 PM   #7
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 476

Original Poster
Rep: Reputation: 33
You are right its working

Thanks

Best regards
Asanka

By the way do you know whether we can migrate win 2003 AD to samba 3 ldap
 
Old 07-19-2006, 02:00 AM   #8
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Code:
security = DOMAIN
password server = ark
A dumb question. Isn't "password server =" an option used with "security = SERVER"?
I think it would be better if you used one of the ldap servers instead and base the configuration on the Domain Member Server examples in the Samba 3 by Example book. If you google for "IBM Redbook samba ldap" you may also come up with a couple excellent IBM Red Book on Samba and/or LDAP.
 
Old 07-19-2006, 02:10 AM   #9
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 476

Original Poster
Rep: Reputation: 33
yes ARK is a ldap/Samba domain controler.

and is working as a member server

thanks

Regards

Asanka
 
Old 07-19-2006, 02:20 AM   #10
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
The example I was referring to was for a Samba Member Server that used a different LDAP server for authentication. It was the main server for one of several sites. I think it was in the 500 host network example.

I was going to edit my last post, because I forgot to say that I'm glad that you got it working.
If you have a computer that is going to be replaced at you company ( such as an old Pentium III desktop ), you might want to use it as an experimental box and try different samba configurations, working on the examples.

Take Care!
 
Old 07-19-2006, 02:45 AM   #11
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 476

Original Poster
Rep: Reputation: 33
You to

Thanks for all your help

best regards

Asanka
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba, LDAP, Linux Client, Laptop offline sgeberl Linux - Networking 2 03-10-2006 08:35 AM
How can I connect samba client from samba server wampire Linux - Networking 2 02-13-2006 10:38 AM
Unable to log XP client to Samba-Ldap Domain. Problem from SambaPrimaryGroupSID ngaoundere Linux - Networking 0 02-02-2006 06:37 AM
samba client freezes when samba server goes down timcharper Linux - Networking 1 08-22-2005 10:29 PM
Encrypted Shares on Samba with LDAP on Intranet Server spurgeonb Linux - Security 6 12-17-2003 03:20 AM


All times are GMT -5. The time now is 12:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration