FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 05-21-2012, 10:17 PM
aurfalien
 
Default SMB shares and LDAP

Hi,

I have a scenario were I only have OpenLDAP running for authing my Linux and Windows client.

Windows is using the pGina LDAP client to talk to my OpenLDAP server, no problems, working like a charm.

However I need to setup a simple Samba file server-only.

None of my Unix boxes have a compete /etc/passwd file as every one auths against OpenLDAP.

Is there some kind of passwd backend option in my smb.conf that allows it to query my OpenLDAP server?

Thanks in advance,

- aurf

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-22-2012, 03:25 AM
Gordon Messmer
 
Default SMB shares and LDAP

On 05/21/2012 03:17 PM, aurfalien wrote:
> Is there some kind of passwd backend option in my smb.conf that allows it to query my OpenLDAP server?

Presumably, you're trying to avoid a proper setup:
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_ser ver_using_LDAP

If you already have LDAP authentication and NSS set up, and you don't
want to add Samba related attributes to your directory, you'd need to
disable "encrypt passwords" in smb.conf and modify the Windows registry
so that it sends your passwords in plain text:
http://www.encs.concordia.ca/helpdesk/howto/plain_password.html

Needless to say, the security of this configuration is awful, but not
worse than if you're using OpenLDAP without SSL.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-22-2012, 03:07 PM
aurfalien
 
Default SMB shares and LDAP

On May 21, 2012, at 11:25 PM, Gordon Messmer wrote:

> On 05/21/2012 03:17 PM, aurfalien wrote:
>> Is there some kind of passwd backend option in my smb.conf that allows it to query my OpenLDAP server?
>
> Presumably, you're trying to avoid a proper setup:
> http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_ser ver_using_LDAP
>
> If you already have LDAP authentication and NSS set up, and you don't
> want to add Samba related attributes to your directory, you'd need to
> disable "encrypt passwords" in smb.conf and modify the Windows registry
> so that it sends your passwords in plain text:
> http://www.encs.concordia.ca/helpdesk/howto/plain_password.html
>
> Needless to say, the security of this configuration is awful, but not
> worse than if you're using OpenLDAP without SSL.

Hi Gordon,

What should my passdb backend be set to?

Yes, you are correct, I'd rather dispense with having my ldap db be populated with Samba attributes.

I've setup Samba + LDAP before, just unsure how to break the model. I mean the docs are great for doing things proper, just unsure how to do it improper if you know what I mean.

- aurf


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:04 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org