LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 04-07-2009, 08:15 AM   #1
hopbyhop
Member
 
Registered: Aug 2008
Posts: 52

Rep: Reputation: 15
samba simple ldap - active directory authentication


Hi all,
I searched the forums and samba docs without finding a solution.
We have Windows 2003 Active Directory server holding mail user accounts. Users manage their passwords through Exchange's Webmail application. Most users are not joined to Windows domain and have plain workgroup setup.
I would set up a Samba server with this behaviour:
  • Samba's share definition in smb.conf list the users allowed to access THAT share;
  • Users provide their username and mail (AD) password;
  • Samba checks if THAT user is allowed to access the share and verifies the password via Active Direectory's LDAP;
  • No need to change AD password from Samba, no change to made in AD LDAP structure.

In other words I would replicate what I'm doing with Apache's mod_ldap, so users can access reserved pages supplying their (mail) username and password.

Any chance to succeed in making that?

Thanks all.
 
Old 04-07-2009, 01:24 PM   #2
archangel_617b
Member
 
Registered: Sep 2003
Location: GMT -08:00
Distribution: Ubuntu, RHEL/CentOS, Fedora
Posts: 234

Rep: Reputation: 42
Quote:
Originally Posted by hopbyhop View Post
Hi all,
I searched the forums and samba docs without finding a solution.
We have Windows 2003 Active Directory server holding mail user accounts. Users manage their passwords through Exchange's Webmail application. Most users are not joined to Windows domain and have plain workgroup setup.
I would set up a Samba server with this behaviour:
  • Samba's share definition in smb.conf list the users allowed to access THAT share;
  • Users provide their username and mail (AD) password;
  • Samba checks if THAT user is allowed to access the share and verifies the password via Active Direectory's LDAP;
  • No need to change AD password from Samba, no change to made in AD LDAP structure.

In other words I would replicate what I'm doing with Apache's mod_ldap, so users can access reserved pages supplying their (mail) username and password.

Any chance to succeed in making that?

Thanks all.
Sure. Join Samba to the Domain. Put users in groups for who has access to each share. And then restrict the various shares to the user groups you've created.

There's loads of docs for getting Samba on the domain so that should be an issue. Let us know how far you get.

- Arch
 
Old 04-07-2009, 02:11 PM   #3
hopbyhop
Member
 
Registered: Aug 2008
Posts: 52

Original Poster
Rep: Reputation: 15
Do you mean configuring samba as a "Domain member server"? So I guess I have to install kerberos too...
Furthermore, Samba server is on DMZ, while AD server is behind the firewall, in a phisically separate subnet.
I think I'll have the issue to make AD server reachable trough the netbios name.
 
Old 04-07-2009, 07:05 PM   #4
archangel_617b
Member
 
Registered: Sep 2003
Location: GMT -08:00
Distribution: Ubuntu, RHEL/CentOS, Fedora
Posts: 234

Rep: Reputation: 42
Yep. Domain member server. If you want to authenticate users against AD, you're going to have to punch some holes from the file server to your domain controllers, I don't see any way around that.

You're not really going to be able to authenticate with just plain LDAP against active directory. It will require either a lot of modification of the directory or some modification of your directory plus keeping separate password accounts for the Samba server. If you're willing to really work-over your directory, then you can treat it as a regular LDAP directory and add all the schemas you need. But no matter what, if you want to get your Samba server to auth against AD, you've got to put a couple of holes in your firewall to allow communication between the two systems.

- Arch
 
  


Reply

Tags
authentication, directory, ldap, samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CentOS 5.2 LDAP/kerberos authentication fails against Active Directory ccaum Linux - Server 14 03-24-2010 12:15 PM
ldap authentication (active directory) and using UPN as username td3201 Linux - General 1 10-01-2008 04:33 AM
compiling squid with ldap authentication for active directory ashfaq Linux - Software 0 05-12-2008 02:55 AM
ldap authentication against active directory Hubert Kiyimba Solaris / OpenSolaris 1 03-16-2007 11:41 AM
samba-authentication with Active Directory sanjeevsagoo Linux - Networking 2 05-07-2004 04:09 AM


All times are GMT -5. The time now is 05:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration