[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SAMBA and LDAP (and PAM?)

On Wed, 28 Jan 2004, Philip Juels wrote:

> Hi all,
> I know there is a lot of docs on the subject of PDC+Samba+LDAP, but what 
> I'm trying to do is just simple user authentication of a samba server 
> against an openldap server...the Windows clients that would access the 
> samba shares are either standalone or part of a domain not within the 
> scope of the samba and ldap servers.  Is this possible without having to 
> add the samba.schema (or otherwise muck with the existing ldap server 
> config)?

It might be possible, but I think adding the samba.schema file on your 
LDAP server would be the simplest. That would provide a solution for users 
who have no domain. For users in a different domain, you may be able to 
use an inter-domain trust (it will work with NT domains, no sure about 

> Can a samba->pam->ldap scheme be used?

Not without applying registry patches to all your Windows boxes (and I am 
not sure if anyone as actually done it on an LDAP backend). While clients 
refuse to send unencrypted passwords on the wire, you can't use pam 
authentication (only account, and session IIRC).