05-06-2003, 04:30 PM
|
#1
|
Member
Registered: Apr 2003
Posts: 178
Rep:
|
Samba and LDAP in Linux to authenticate on Windows 2000 PDC
I have successfully set up PAM, Winbind and Samba on a RedHat8 (Linux) computer so that a Windows 2000 workstation can log in to a Windows 2000 server domain, and then browse and map a drive to RedHat8. All of the user and group information resides on the Windows 2000 server domain and not on RedHat8.
The limitation of Winbind is that if there are multiple Linux computers that authenticate to a Windows 2000 server domain, then the same user on a Windows 2000 server domain would have a different UID (user id) on each Linux computer that is running Winbind.
Questions:
1) Am I correct that in order to solve this problem, I have to run Samba 2.2.7 with LDAP installed on the Linux machine?
2) If I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use PAM on the Linux machine?
3) On RedHat 8 and RedHat 9, if I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use Kerberos authentication on the Linux machine?
4) On RedHat 8 and RedHat 9, if you run /usr/bin/authconfig, then there is a section on Kerberos 5 for you to fill out. Am I correct that if Kerberos 5 authentication were to be used then it means that LDAP must be used in conjunction with it?
Linh
05-06-2003, 07:20 PM
|
#2
|
Senior Member
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243
Rep:
|
Re: Samba and LDAP in Linux to authenticate on Windows 2000 PDC
Quote:
Originally posted by Linh
1) Am I correct that in order to solve this problem, I have to run Samba 2.2.7 with LDAP installed on the Linux machine?
|
I'm not sure that Samba and LDAP wouldn't solve the problem but you can use rsync to keep the file that holds the mappings between Windows UIDs and Linux UIDs synchronised on all the machines. That way you'll always get the same UID on each box you log into with your Win2K Domain (ADS) user.
Quote:
Originally posted by Linh
2) If I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use PAM on the Linux machine?
|
As I understand it yes, you'll need PAM and Winbind. Note that you won't need a separate LDAP server as this is basically what your Win2K domain already provides. Or were you thinking of trying to get Win2K to authenticate against your LDAP server (run for the hills!)?
Quote:
Originally posted by Linh
3) On RedHat 8 and RedHat 9, if I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use Kerberos authentication on the Linux machine?
|
Not sure on this one. Win2K ADS uses Kerberos auth as part of its authentication mechanism. I would have thought that you would just use PAM and Winbind to talk to the domain controllers directly.
Quote:
Originally posted by Linh
4) On RedHat 8 and RedHat 9, if you run /usr/bin/authconfig, then there is a section on Kerberos 5 for you to fill out. Am I correct that if Kerberos 5 authentication were to be used then it means that LDAP must be used in conjunction with it?
|
Pass... Sorry I don't use Redhat and don't really know much about Kerberos...
cheers
Jamie...
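The UID mismatch described in the first post, which the synchronised mapping file is meant to prevent, can be checked by comparing the passwd view of two hosts. This is an added example, not part of either post; the `EXAMPLE` domain, the `+` separator and the UID values are constructed, and in practice the two input files are assumed to be the saved output of `getent passwd` from each host.

```shell
#!/bin/sh
# Report domain accounts whose UID differs between two hosts.
# $1, $2: files in `getent passwd` format, one per host.
# Output columns: name, UID on host A, UID on host B, and the
# account that holds the host-A UID on host B ("-" if none).
# The last column is the one that matters for shared storage:
# files written by one user on host A belong to that account on host B.
uid_mismatches() {
    awk -F: '
        NR == FNR { uid_a[$1] = $3; next }       # first file: name -> UID
        { uid_b[$1] = $3; name_b[$3] = $1 }      # second file: both directions
        END {
            for (n in uid_a)
                if ((n in uid_b) && uid_a[n] != uid_b[n]) {
                    other = (uid_a[n] in name_b) ? name_b[uid_a[n]] : "-"
                    print n, uid_a[n], uid_b[n], other
                }
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample: winbind on each host handed out UIDs in the
# order the users first appeared, so the two hosts disagree.
sample_host_a() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
EXAMPLE+linh:x:10000:10000::/home/EXAMPLE/linh:/bin/bash
EXAMPLE+jamie:x:10001:10000::/home/EXAMPLE/jamie:/bin/bash
EOF
}
sample_host_b() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
EXAMPLE+jamie:x:10000:10000::/home/EXAMPLE/jamie:/bin/bash
EXAMPLE+linh:x:10001:10000::/home/EXAMPLE/linh:/bin/bash
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_host_a > "$tmp/a"
    sample_host_b > "$tmp/b"
    uid_mismatches "$tmp/a" "$tmp/b"
    rm -rf "$tmp"
}
demo
```

An empty result means both hosts agree on every account they have in common.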
05-09-2003, 08:24 AM
|
#3
|
Member
Registered: Mar 2003
Location: el paso
Distribution: Redhat, Suse, and freebsd
Posts: 90
Rep:
|
Now I'm a little bit fuzzy on your setup. Maybe you overlooked this idea or concept.
First of all you have a strong understanding of Server to client relationship. The problem is you're confusing me.
We know a client computer accesses files on a Server.
But the way you're approaching this to me is confusing me.
You're stating you're running a Linux Samba Server and a Windows 2000 Server.
Look at my example of how the files should be shared, OK.
Linux Samba Server
Linux client computers should then be hooked up to the Samba Server and share files directly to the Samba Server.
Windows 2000 Server
Windows 2000 Pro or clients should save files to the Windows 2000 Server.
What I'm implying is that if a server is used to save data and share documents.
Why are you trying to force the Windows 2000 server to connect to multiple sessions of Samba if all you need to do is set up the Samba server to share files to its local pool of computers being the Linux workstations.
What I'm saying is all the Samba Server in your case is used for is a gateway to the Windows 2000 server to share resources.
The next point is do you need more than one Samba Server to access the Windows 2000 server because it puts too much of a load on the single Samba server...
The question I might have is can the Unix Samba server share the mounted folder that is in the Root folder or can you create a user account on the Samba server for users to mount their own shares with Windows 2000 Server. Which would allow each individual to log in to a dummy terminal and access the Samba share themselves without using the root account.
You brought up some good points I feel. Maybe one day Samba might produce the product to allow Linux clients to connect individually on a workstation by workstation basis.
All times are GMT -5. The time now is 05:16 AM.