On Oct 18, 2011, at 2:56 PM, Miguel Medalha wrote:
>
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>
>
> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
----
indeed - that is one of the chapters from the 'By Example' to which I referred earlier
Craig
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
10-19-2011, 02:44 PM
Al
Samba + Openldap
Thanks for the information, I'll refer to it ...
On Oct 18, 2011, at 5:56 PM, Miguel Medalha wrote:
>
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>
>
> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
10-19-2011, 03:16 PM
Al
Samba + Openldap
This isn't what I was talking about ... Let me be a little more specific ... I've got an openldap system configured, just need to set up Samba to use openldap to allow them to access their shells via Windows Explorer. They usually login via SSH, but want to have the ability to copy things over to the Windows without using SFTP.
On Oct 18, 2011, at 6:59 PM, Craig White wrote:
>
> On Oct 18, 2011, at 2:56 PM, Miguel Medalha wrote:
>
>>
>>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>>
>>
>> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
> ----
> indeed - that is one of the chapters from the 'By Example' to which I referred earlier
>
> Craig
>
10-19-2011, 05:31 PM
Craig White
Samba + Openldap
On Oct 19, 2011, at 8:16 AM, Al wrote:
> This isn't what I was talking about ... Let me be a little more specific ... I've got an openldap system configured, just need to set up Samba to use openldap to allow them to access their shells via Windows Explorer. They usually login via SSH, but want to have the ability to copy things over to the Windows without using SFTP.
----
I can't see how that actually matters because you want them to gain access to the samba server using their accounts and samba requires both a POSIX & a SAMBA user and the logical place for a SAMBA user is to have their SAMBA attributes in the same LDAP record.
At that point, they could easily mount a SAMBA share on their Windows box using the same account (though Windows passwords use a Windows compatible hashed password). Basically, the user account in LDAP has both POSIX & SAMBA attributes including userPassword (POSIX) and sambaNTPassword (SAMBA) and group memberships that may be one or both (though I tend to create groups that are both).
The easiest way to demonstrate is to use my own setup...
# ldapsearch -x '(uid=craig)' -D uid=craig,ou=people,dc=azapple,dc=com -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=azapple,dc=com> (default) with scope subtree
# filter: (uid=craig)
# requesting: ALL
#
# craig, people, azapple.com
dn: uid=craig,ou=people,dc=azapple,dc=com
sambaPwdMustChange: 2147483647
labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
sambaSID: S-1-5-21-1423820788-2381578139-XXXXXXXXXX-1000
calFBURL: http://srv2.azapple.com/horde/kronolith/fb.php?c=craig
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000 000000
00000000
displayName: Craig White
sambaMungedDial: 1
shadowMax: 99999
sambaLogonScript: logon.bat
sambaProfilePath: SRV2profilescraig
cn: Craig White
uidNumber: 1000
shadowWarning: 7
sambaPrimaryGroupSID: 1423820788-2381578139-XXXXXXXXXX-513
sambaAcctFlags: [U ]
gecos: Craig White
shadowLastChange: 15199
sambaPwdLastSet: 1313206319
mail: craig@azapple.com
userPassword:: REMOVED...
sambaLMPassword: REMOVED
uid: craig
sambaPwdCanChange: 1313206319
sambaHomePath: SRV2homescraig
homeDirectory: /home/craig
description: Craig is a local user
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
objectClass: calEntry
gidNumber: 100
sambaDomainName: AZAPPLE
givenName: Craig
sambaHomeDrive: h:
sambaNTPassword: REMOVED
sn: White
loginShell: /bin/bash
I would just need to add those attributes in openldap? I'm not very experienced, that is why I asked for howto/tutorials... I've been building an openldap and samba environment in a staged virtual system, so I can get a better understanding on how it all works. It seems to me I would have to add additional attributes to all those users and load the samba.schema onto the master server, then go on the samba server and configure it to use ldap? I'm not so sure, I guess it'll take some time for me to figure it all out...
On Oct 19, 2011, at 1:31 PM, Craig White wrote:
>
> On Oct 19, 2011, at 8:16 AM, Al wrote:
>
>> This isn't what I was talking about ... Let me be a little more specific ... I've got an openldap system configured, just need to set up Samba to use openldap to allow them to access their shells via Windows Explorer. They usually login via SSH, but want to have the ability to copy things over to the Windows without using SFTP.
> ----
> I can't see how that actually matters because you want them to gain access to the samba server using their accounts and samba requires both a POSIX & a SAMBA user and the logical place for a SAMBA user is to have their SAMBA attributes in the same LDAP record.
>
> At that point, they could easily mount a SAMBA share on their Windows box using the same account (though Windows passwords use a Windows compatible hashed password). Basically, the user account in LDAP has both POSIX & SAMBA attributes including userPassword (POSIX) and sambaNTPassword (SAMBA) and group memberships that may be one or both (though I tend to create groups that are both).
>
> The easiest way to demonstrate is to use my own setup...
>
> # ldapsearch -x '(uid=craig)' -D uid=craig,ou=people,dc=azapple,dc=com -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=azapple,dc=com> (default) with scope subtree
> # filter: (uid=craig)
> # requesting: ALL
> #
>
> # craig, people, azapple.com
> dn: uid=craig,ou=people,dc=azapple,dc=com
> sambaPwdMustChange: 2147483647
> labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
> sambaSID: S-1-5-21-1423820788-2381578139-XXXXXXXXXX-1000
> calFBURL: http://srv2.azapple.com/horde/kronolith/fb.php?c=craig
> sambaPasswordHistory: 00000000000000000000000000000000000000000000000000 000000
> 00000000
> displayName: Craig White
> sambaMungedDial: 1
> shadowMax: 99999
> sambaLogonScript: logon.bat
> sambaProfilePath: SRV2profilescraig
> cn: Craig White
> uidNumber: 1000
> shadowWarning: 7
> sambaPrimaryGroupSID: 1423820788-2381578139-XXXXXXXXXX-513
> sambaAcctFlags: [U ]
> gecos: Craig White
> shadowLastChange: 15199
> sambaPwdLastSet: 1313206319
> mail: craig@azapple.com
> userPassword:: REMOVED...
> sambaLMPassword: REMOVED
> uid: craig
> sambaPwdCanChange: 1313206319
> sambaHomePath: SRV2homescraig
> homeDirectory: /home/craig
> description: Craig is a local user
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> objectClass: top
> objectClass: calEntry
> gidNumber: 100
> sambaDomainName: AZAPPLE
> givenName: Craig
> sambaHomeDrive: h:
> sambaNTPassword: REMOVED
> sn: White
> loginShell: /bin/bash
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
10-20-2011, 03:14 PM
Arun Khan
Samba + Openldap
On Thu, Oct 20, 2011 at 8:02 PM, Al <mailinglist@theflux.net> wrote:
> I would just need to add those attributes in openldap? I'm not very experienced, that is why I asked for howto/tutorials... I've been building an openldap and samba environment in a staged virtual system, so I can get a better understanding on how it all works. It seems to me I would have to add additional attributes to all those users and load the samba.schema onto the master server, then go on the samba server and configure it to use ldap? I'm not so sure, I guess it'll take some time for me to figure it all out...
Yes, you have to add the samba.schema to your openLDAP setup. The
schema automatically brings in the user attributes. You will need to
populate them for the Samba specific attributes. Indeed, doing it in
a virtual machine is a good way to learn about the LDAP+Samba
integration.
As someone else has suggested, smb-ldap tools does the user
management work for both Unix and Samba. LAM is a PHP based web app
to manage your LDAP setup, it does support the SAMBA extensions.
HTH,
-- Arun Khan
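What Craig's record and Arun's reply describe, as an added example that is not part of any post in this thread: a Python check over an LDIF export (for instance saved `ldapsearch` output) that lists which `posixAccount` entries still lack the `sambaSamAccount` object class, `sambaSID` or `sambaNTPassword`. The sample entries, the `dc=example,dc=com` base and the function names are constructed for illustration.

```python
# Added example (not from the thread): audit an LDIF export for Samba readiness.
import re
NEEDED = ("sambaSID", "sambaNTPassword")  # attributes this check insists on

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry.
    Folded lines are joined; base64 values ("attr:: x") are kept undecoded."""
    text = re.sub(r"\r?\n ", "", text)  # unfold: newline + space continues a line
    entries = []
    for block in re.split(r"\n\s*\n", text):
        entry = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.lstrip(":").strip())
        if entry:
            entries.append(entry)
    return entries

def missing_for_samba(entry):
    """List what a posixAccount lacks for Samba; None if not a posixAccount."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "posixaccount" not in classes:
        return None
    missing = [] if "sambasamaccount" in classes else ["objectClass: sambaSamAccount"]
    return missing + [a for a in NEEDED if not any(entry.get(a.lower(), []))]

def audit(text):
    """Map uid -> missing items for every posixAccount entry in the LDIF."""
    checked = ((e.get("uid", ["?"])[0], missing_for_samba(e)) for e in parse_ldif(text))
    return {uid: gaps for uid, gaps in checked if gaps is not None}

# Constructed sample: alice is Samba-enabled, bob is POSIX-only, the OU is skipped.
SAMPLE = """dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-33333
 33333-1001
sambaNTPassword: 00000000000000000000000000000000

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: bob

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it over an export taken with a bind DN that is allowed to read the Samba attributes; an account whose ACLs hide `sambaNTPassword` will make every user look incomplete.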
10-21-2011, 10:14 AM
Adam Tauno Williams
Samba + Openldap
On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
> Anyone have an update tutorial/howto for samba to authenticate to ldap?
There are lots of docs.
But DO NOT DO IT.
A Samba 3.x DC is very very *obsolete*. The Windows world has moved on
to Active Directory. If you want to do that you need Samba 4 - and no
OpenLDAP.
10-21-2011, 10:18 AM
"Giles Coochey"
Samba + Openldap
On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
> On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>
> There are lots of docs.
>
> But DO NOT DO IT.
>
> A Samba 3.x DC is very very *obsolete*. The Windows world has moved on
> to Active Directory. If you want to do that you need Samba 4 - and no
> OpenLDAP.
>
From the samba Wiki:
Samba 4 is currently not yet in a state where it can replace existing
production deployments. [1]
10-21-2011, 09:30 PM
Al
Samba + Openldap
We're a linux mostly environment, some of the users have windows. It sounds to me, maybe I should start over instead of trying to implement it in our current openldap environment. We're running openldap 2.3.43 and Samba 3.x..
On Oct 21, 2011, at 6:18 AM, Giles Coochey wrote:
> On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
>> On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
>>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>
>> There are lots of docs.
>>
>> But DO NOT DO IT.
>>
>> A Samba 3.x DC is very very *obsolete*. The Windows world has moved on
>> to Active Directory. If you want to do that you need Samba 4 - and no
>> OpenLDAP.
>>
>> From the samba Wiki:
>
> Samba 4 is currently not yet in a state where it can replace existing
> production deployments. [1]
>
> [1] http://wiki.samba.org/index.php/Samba4#Current_Status
>
>
10-21-2011, 11:29 PM
John R Pierce
Samba + Openldap
On 10/21/11 2:30 PM, Al wrote:
> We're a linux mostly environment, some of the users have windows. It sounds to me, maybe I should start over instead of trying to implement it in our current openldap environment. We're running openldap 2.3.43 and Samba 3.x..
what do the windows users authenticate with now? presumably, Samba is
to provide file services to these Windows users?
--
john r pierce N 37, W 122
santa cruz ca mid-left coast