
Re: Samba with OpenLdap and ONLY VIRTUAL ACCOUNTS!



>This link describes what you want
>http://samba.idealx.org/dist/samba-ldap-howto.pdf
>To: openldap-software@OpenLDAP.org
>Subject: Samba with OpenLdap and ONLY VIRTUAL ACCOUNTS!
>From: Alex Pita <newmail@softhome.net>
>Date: Mon, 16 Dec 2002 15:21:46 +0200
>User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021203
>
>Hello openldap experts,
>I am using RedHat 7.3 and I need a solution to make samba work with VIRTUAL 
>USERS accounts. As I read on Google, it seems to be possible if I use 
>openldap. I don't have any prior experience with openldap software. Reading 
>the openldap documentation I couldn't find how to configure samba and openldap to 
>WORK WITHOUT any VALID users SHELL ACCOUNT.

1.) I wouldn't call that a virtual user.

2.) This doesn't have anything to do with OpenLDAP, go ask on the Samba 
list

>To be clear: I don't want SHELL USERS with different password for samba!!! I 

Well.... take a look at the schema -

objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
        DESC 'Abstraction of an account with POSIX attributes'
        MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
        MAY ( userPassword $ loginShell $ gecos $ description ) )

Seems userPassword, loginShell, gecos, and description are not required.  
So what is the problem?

>want ONLY VIRTUAL USERS (no one shell account) and all of them MUST reside in 
>openldap (or mysql or postgres) database with all attributes (home 
>directory, UID, GID, user, password, workgroup, domain, etc)..... Did someone 
>test this scenario?

Yes we tested it, and use it every day.  A user MUST be a posixAccount 
object, but beyond that Samba doesn't care.

>Google said that my problem is not well documented and in the past was some 

There isn't anything to document, as this isn't really a special case.  
The Samba site, the idealx document, and my LDAP presentation at 
ftp://ftp.kalamazoolinux.org/pub/pdf/ldapv3.pdf all have everything you 
need to know.  You just need to read them more carefully.

>tries about this subject. I also found some info about samba and pam_mysql 
>plugin. It sounds familiar to me because a few weeks ago I configured this 
>plugin to authenticate users for postfix smtp via SQL DATABASE, and 
>everything was ok.

Using an RDBMS for authentication is about the dumbest thing I can think 
of, but whatever floats your boat.

>Actually, I want to do the same work with samba, but I don't know if openldap 
>can do this job exactly as I want. Also, Google said that there are more projects 
>using samba with openldap support rather than samba with mysql(pgsql) 
>support, so I decided to try samba+openldap!

Sure, Samba+LDAP is pretty common and LDAP support has been stock in Samba 
for a while.

>Is anybody here using samba (as PDC) + openldap support for users 
>authentication? 

Yes.  And as the mail archives will readily reveal, many others.

>If yes, what are the limitations for the moment (for ex: is it 
>possible to apply particular virtual soft quota for each openldap-samba 
>shared resources? I couldn't find any answer for this question too...)!

Samba depends upon other mechanisms for quota support.

>Any URL with some howtos about configuring samba to use ONLY openldap 
>database ACCOUNTS is welcome!
>I took a look at these URLs:
>http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html
>http://www.padl.com/OSS/pam_ldap.html
>but I couldn't find an answer to my problem. Please help....

You'll need NSS working first.  See PADL
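
Added illustration (not part of the original message, and not Samba or OpenLDAP code): a check that parses the posixAccount definition quoted in the reply and validates LDIF entries against its MUST list, also flagging any loginShell outside an assumed no-login set. The function names, the NOLOGIN_SHELLS set, and the sample DNs and values are constructed assumptions.

```python
import re

# posixAccount definition exactly as quoted in the message above.
POSIX_ACCOUNT = """objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
        DESC 'Abstraction of an account with POSIX attributes'
        MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
        MAY ( userPassword $ loginShell $ gecos $ description ) )"""

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin"}  # assumption: no-login shells

def schema_attrs(definition, keyword):
    """Return the attribute names listed after MUST or MAY."""
    m = re.search(r"\b%s\s+\(([^)]*)\)" % keyword, definition)
    return [a.strip() for a in m.group(1).split("$")] if m else []

def parse_ldif_entry(text):
    """Parse one LDIF entry (no base64 values) into {attr_lower: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continued line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def check_posix_account(ldif_text):
    """Return (missing MUST attributes, findings about the login shell)."""
    entry = parse_ldif_entry(ldif_text)
    missing = [a for a in schema_attrs(POSIX_ACCOUNT, "MUST")
               if a.lower() not in entry]
    findings = ["loginShell %s is not a no-login shell" % s
                for s in entry.get("loginshell", []) if s not in NOLOGIN_SHELLS]
    return missing, findings

# Constructed sample entries (hypothetical DN and values).
SAMBA_ONLY = """dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
"""
BROKEN = SAMBA_ONLY.replace("homeDirectory: /home/alice", "loginShell: /bin/bash")
```

SAMBA_ONLY carries no loginShell or userPassword and still satisfies the object class; BROKEN fails on the missing homeDirectory and is flagged for its shell.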