Old 10-18-2011, 10:59 PM
Craig White
 
Default Samba + Openldap

On Oct 18, 2011, at 2:56 PM, Miguel Medalha wrote:

>
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>
>
> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
----
indeed - that is one of the chapters from the 'By Example' to which I referred earlier

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-19-2011, 02:44 PM
Al
 
Default Samba + Openldap

Thanks for the information, I'll refer to it ...

On Oct 18, 2011, at 5:56 PM, Miguel Medalha wrote:

>
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>
>
> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html

 
Old 10-19-2011, 03:16 PM
Al
 
Default Samba + Openldap

This isn't what I was talking about ... Let me be a little more specific ... I've got an openldap system configured, just need to set up Samba to use openldap to allow them to access their shells via Windows Explorer. They usually log in via SSH, but want to have the ability to copy things over to Windows without using SFTP.

On Oct 18, 2011, at 6:59 PM, Craig White wrote:

>
> On Oct 18, 2011, at 2:56 PM, Miguel Medalha wrote:
>
>>
>>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>>
>>
>> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
> ----
> indeed - that is one of the chapters from the 'By Example' to which I referred earlier
>
> Craig
 
Old 10-19-2011, 05:31 PM
Craig White
 
Default Samba + Openldap

On Oct 19, 2011, at 8:16 AM, Al wrote:

> This isn't what I was talking about ... Let me be a little more specific ... I've got an openldap system configured, just need to set up Samba to use openldap to allow them to access their shells via Windows Explorer. They usually log in via SSH, but want to have the ability to copy things over to Windows without using SFTP.
----
I can't see how that actually matters because you want them to gain access to the samba server using their accounts and samba requires both a POSIX & a SAMBA user and the logical place for a SAMBA user is to have their SAMBA attributes in the same LDAP record.

At that point, they could easily mount a SAMBA share on their Windows box using the same account (though Windows passwords use a Windows compatible hashed password). Basically, the user account in LDAP has both POSIX & SAMBA attributes including userPassword (POSIX) and sambaNTPassword (SAMBA) and group memberships that may be one or both (though I tend to create groups that are both).

The easiest way to demonstrate is to use my own setup...

# ldapsearch -x '(uid=craig)' -D uid=craig,ou=people,dc=azapple,dc=com -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=azapple,dc=com> (default) with scope subtree
# filter: (uid=craig)
# requesting: ALL
#

# craig, people, azapple.com
dn: uid=craig,ou=people,dc=azapple,dc=com
sambaPwdMustChange: 2147483647
labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
sambaSID: S-1-5-21-1423820788-2381578139-XXXXXXXXXX-1000
calFBURL: http://srv2.azapple.com/horde/kronolith/fb.php?c=craig
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000 000000
00000000
displayName: Craig White
sambaMungedDial: 1
shadowMax: 99999
sambaLogonScript: logon.bat
sambaProfilePath: \\SRV2\profiles\craig
cn: Craig White
uidNumber: 1000
shadowWarning: 7
sambaPrimaryGroupSID: 1423820788-2381578139-XXXXXXXXXX-513
sambaAcctFlags: [U ]
gecos: Craig White
shadowLastChange: 15199
sambaPwdLastSet: 1313206319
mail: craig@azapple.com
userPassword:: REMOVED...
sambaLMPassword: REMOVED
uid: craig
sambaPwdCanChange: 1313206319
sambaHomePath: \\SRV2\homes\craig
homeDirectory: /home/craig
description: Craig is a local user
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
objectClass: calEntry
gidNumber: 100
sambaDomainName: AZAPPLE
givenName: Craig
sambaHomeDrive: h:
sambaNTPassword: REMOVED
sn: White
loginShell: /bin/bash

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
 
Old 10-20-2011, 02:32 PM
Al
 
Default Samba + Openldap

I would just need to add those attributes in openldap? I'm not very experienced, that is why I asked for howto/tutorials... I've been building an openldap and samba environment in a staged virtual system, so I can get a better understanding on how it all works. It seems to me I would have to add additional attributes to all those users and load the samba.schema onto the master server, then go on the samba server and configure it to use ldap? I'm not so sure, I guess it'll take some time for me to figure it all out...

On Oct 19, 2011, at 1:31 PM, Craig White wrote:

>
> On Oct 19, 2011, at 8:16 AM, Al wrote:
>
>> This isn't what I was talking about ... Let me be a little more specific ... I've got an openldap system configured, just need to set up Samba to use openldap to allow them to access their shells via Windows Explorer. They usually log in via SSH, but want to have the ability to copy things over to Windows without using SFTP.
> ----
> I can't see how that actually matters because you want them to gain access to the samba server using their accounts and samba requires both a POSIX & a SAMBA user and the logical place for a SAMBA user is to have their SAMBA attributes in the same LDAP record.
>
> At that point, they could easily mount a SAMBA share on their Windows box using the same account (though Windows passwords use a Windows compatible hashed password). Basically, the user account in LDAP has both POSIX & SAMBA attributes including userPassword (POSIX) and sambaNTPassword (SAMBA) and group memberships that may be one or both (though I tend to create groups that are both).
 
Old 10-20-2011, 03:14 PM
Arun Khan
 
Default Samba + Openldap

On Thu, Oct 20, 2011 at 8:02 PM, Al <mailinglist@theflux.net> wrote:
> I would just need to add those attributes in openldap? I'm not very experienced, that is why I asked for howto/tutorials... I've been building an openldap and samba environment in a staged virtual system, so I can get a better understanding on how it all works. It seems to me I would have to add additional attributes to all those users and load the samba.schema onto the master server, then go on the samba server and configure it to use ldap? I'm not so sure, I guess it'll take some time for me to figure it all out...

Yes, you have to add the samba.schema to your openLDAP setup. The
schema automatically brings in the user attributes. You will need to
populate them for the Samba specific attributes. Indeed, doing it in
a virtual machine is a good way to learn about the LDAP+Samba
integration.

As someone else has suggested, smb-ldap tools does the user
management work for both Unix and Samba. LAM is a PHP based web app
to manage your LDAP setup, it does support the SAMBA extensions.

HTH,

-- Arun Khan
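
An added example, not part of any post in this thread: a small Python audit over `ldapsearch` LDIF output that reports which posixAccount entries still lack the Samba side discussed above (the sambaSamAccount object class plus sambaSID and sambaNTPassword). The sample entries, the dc=example,dc=com suffix and the choice of those two attributes as the minimum to check are assumptions made for the example.

```python
import base64

# Constructed sample in ldapsearch LDIF form (not data from the thread): alice
# has both attribute sets, bob is POSIX-only; alice's sambaSID value is folded.
SAMPLE_LDIF = """\
# extended LDIF
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-3002
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: bob
"""
NEEDED = {"sambasid": "sambaSID", "sambantpassword": "sambaNTPassword"}

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per entry."""
    text = text.replace("\n ", "")            # unfold continuation lines
    entries = []
    for block in text.split("\n\n"):          # a blank line separates entries
        cur = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: base64value"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in cur:                       # skips the trailing "search:" block
            entries.append(cur)
    return entries

def audit(text):
    """Map uid -> what each posixAccount still lacks to be a Samba user."""
    report = {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes:
            gaps = [] if "sambasamaccount" in classes else ["objectClass sambaSamAccount"]
            gaps += [name for key, name in NEEDED.items() if not e.get(key)]
            report[e.get("uid", e["dn"])[0]] = gaps
    return report
```

Feed `audit()` the saved output of an `ldapsearch` over the people subtree; an empty list for a uid means the entry carries both the POSIX and the Samba attributes.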
 
Old 10-21-2011, 10:14 AM
Adam Tauno Williams
 
Default Samba + Openldap

On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
> Anyone have an update tutorial/howto for samba to authenticate to ldap?

There are lots of docs.

But DO NOT DO IT.

A Samba 3.x DC is very very *obsolete*. The Windows world has moved on
to Active Directory. If you want to do that you need Samba 4 - and no
OpenLDAP.

 
Old 10-21-2011, 10:18 AM
"Giles Coochey"
 
Default Samba + Openldap

On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
> On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>
> There are lots of docs.
>
> But DO NOT DO IT.
>
> A Samba 3.x DC is very very *obsolete*. The Windows world has moved on
> to Active Directory. If you want to do that you need Samba 4 - and no
> OpenLDAP.
>
From the samba Wiki:

Samba 4 is currently not yet in a state where it can replace existing
production deployments. [1]

[1] http://wiki.samba.org/index.php/Samba4#Current_Status


 
Old 10-21-2011, 09:30 PM
Al
 
Default Samba + Openldap

We're a linux mostly environment, some of the users have windows. It sounds to me, maybe I should start over instead of trying to implement it in our current openldap environment. We're running openldap 2.3.43 and Samba 3.x.

On Oct 21, 2011, at 6:18 AM, Giles Coochey wrote:

> On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
>> On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
>>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>
>> There are lots of docs.
>>
>> But DO NOT DO IT.
>>
>> A Samba 3.x DC is very very *obsolete*. The Windows world has moved on
>> to Active Directory. If you want to do that you need Samba 4 - and no
>> OpenLDAP.
>>
> From the samba Wiki:
>
> Samba 4 is currently not yet in a state where it can replace existing
> production deployments. [1]
>
> [1] http://wiki.samba.org/index.php/Samba4#Current_Status
 
Old 10-21-2011, 11:29 PM
John R Pierce
 
Default Samba + Openldap

On 10/21/11 2:30 PM, Al wrote:
> We're a linux mostly environment, some of the users have windows. It sounds to me, maybe I should start over instead of trying to implement it in our current openldap environment. We're running openldap 2.3.43 and Samba 3.x.

what do the windows users authenticate with now? presumably, Samba is
to provide file services to these Windows users?



--
john r pierce N 37, W 122
santa cruz ca mid-left coast
