LinuxQuestions.org


procfs 07-17-2006 01:19 AM

Samba client authenticate against LDAP server
 
Hi

How to authenticate samba3 file server against ldap central server

regards

Asanka

jschiwal 07-17-2006 02:14 AM

Check if you have samba-docs installed. It includes the book "Samba 3 by Example".
My distro installs a pdf file: /usr/share/doc/packages/samba/Samba3-ByExample.pdf

Others install a postscript file. There is also a section in the "Samba3-HOWTO.pdf", also included with samba-docs, on using ldapsam. Chapter 10.4.4

procfs 07-17-2006 03:11 AM

hi jschiwal

Thanks. I was playing with smb.conf and LDAP client authentication using redhat-config-autentication. All I did was:

once I got the LDAP client working, just add the following to smb.conf. Hope it is right.

# Global parameters
[global]
workgroup = IIL
server string = OFFI-DOC-ONLY
security = DOMAIN
password server = ark

[%U-doc]
comment = Document share only for official use
path = /vol1/%U
read only = No
guest ok = Yes


Anyway, do you know how the policies work with LDAP groups and users?

regards

Asanka

jschiwal 07-17-2006 07:39 AM

Is ark a samba pdc? There will be a lot more added in ark's smb.conf file.

Here is a link to a samba-ldap howto:
http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html

According to Chapter 10 section 4.4.6 of Samba 3 by Example, Samba-3 group management is based on POSIX groups. Samba-3 does not support nested groups. If you search for samba.schema (locate samba.schema), you can find sample LDAP files. Also, do you have smbldap-tools installed? It also contains samba/ldap documentation. However, your question sounds more like a general samba question.

procfs 07-17-2006 09:30 PM

Hi

Yes, ark is a samba pdc and using LDAP backend and smbldap-tools to manage. This smb.conf is not in the pdc; I made it on the file server which I want to authenticate against the pdc.

With this smb.conf it is working ok, but I don't know and don't know how to test the authentication part.

When I log in to the pdc from a windows machine (I exist only on pdc) it shows me my share and I can do anything to that directory. Do you think with this configuration anybody can access (is there a security issue)? The folders have only user rwx permissions.


Regards

Asanka

jschiwal 07-18-2006 01:44 AM

Code:

[%U-doc]
comment = Document share only for official use
path = /vol1/%U
read only = No
guest ok = Yes

I don't think the guest ok = Yes is correct.

Look in your samba configuration useradd scripts. When a new user is added, I think that the samba useradd script should include a line like:
useradd -s /bin/false %U 2>/dev/null

Also check that each "username-doc" directory is created with 0700 permissions.

However, you are configuring a Domain Member Server as if it were a Domain Member Workstation client. I would recommend that you study Chapter 7 of the Samba3-ByExample.pdf document.
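
The two checks suggested in the post above, as an added example that is not part of the original thread: a Python script that flags shares with guest access enabled in smb.conf text and lists per-user directories that grant any access to group or other. The function names are hypothetical, the sample config is constructed from the one quoted in the thread, and the parser assumes plain `key = value` lines.

```python
import configparser
import os
import stat

# Constructed sample, based on the file-server smb.conf quoted in the thread.
SAMPLE_SMB_CONF = """\
[global]
workgroup = IIL
security = DOMAIN
password server = ark

[%U-doc]
path = /vol1/%U
read only = No
guest ok = Yes
"""

GUEST_KEYS = {"guestok", "public"}  # "public" is a synonym for "guest ok"
TRUE_VALUES = {"yes", "true", "1"}


def guest_shares(conf_text):
    """Return the names of shares on which guest access is enabled."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    # Samba ignores case and spaces in parameter names, so normalise them.
    norm = {s: {k.replace(" ", "").lower(): v.strip().lower()
                for k, v in cp.items(s)} for s in cp.sections()}
    defaults = next((v for s, v in norm.items() if s.lower() == "global"), {})
    flagged = []
    for name, params in norm.items():
        if name.lower() == "global":
            continue
        merged = {**defaults, **params}  # [global] sets share defaults
        if any(merged.get(k) in TRUE_VALUES for k in GUEST_KEYS):
            flagged.append(name)
    return flagged


def loose_dirs(base):
    """Return (name, mode) for directories under base open to group/other."""
    bad = []
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            if mode & 0o077:  # anything beyond the owner's rwx (0700)
                bad.append((entry.name, oct(mode)))
    return bad


if __name__ == "__main__":
    print("guest-enabled shares:", guest_shares(SAMPLE_SMB_CONF))
```

On the file server, `loose_dirs("/vol1")` would cover the share root used in the thread's `path = /vol1/%U`.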

procfs 07-18-2006 11:06 PM

You are right, it's working

Thanks

Best regards
Asanka

By the way, do you know whether we can migrate win 2003 AD to samba 3 ldap?

jschiwal 07-19-2006 02:00 AM

Code:

security = DOMAIN
password server = ark

A dumb question. Isn't "password server =" an option used with "security = SERVER"?
I think it would be better if you used one of the ldap servers instead and base the configuration on the Domain Member Server examples in the Samba 3 by Example book. If you google for "IBM Redbook samba ldap" you may also come up with a couple of excellent IBM Red Books on Samba and/or LDAP.

procfs 07-19-2006 02:10 AM

Yes, ARK is a ldap/Samba domain controller.

and is working as a member server

thanks

Regards

Asanka

jschiwal 07-19-2006 02:20 AM

The example I was referring to was for a Samba Member Server that used a different LDAP server for authentication. It was the main server for one of several sites. I think it was in the 500 host network example.

I was going to edit my last post, because I forgot to say that I'm glad that you got it working.
If you have a computer that is going to be replaced at your company (such as an old Pentium III desktop), you might want to use it as an experimental box and try different samba configurations, working on the examples.

Take Care!

procfs 07-19-2006 02:45 AM

You too

Thanks for all your help

best regards

Asanka

