On May 27, 2004, at 3:49 PM, Vince Hoffman wrote:


I'm using it to store posix and samba users, handles XP and 2k
authentication fine (dont have any 9x on the network,) All i'm doing is
runing a samba PDC for a small network, and am using ldap as it means its
easy to have a BDC if needed and using pam_ldap and nss_ldap i can
centralise my user database, anything that supports pam authentication is
authenticated again it (ie. the external ftp site, uw-imap, smtp auth
(sasl2 using pam) and shell logins where needed, as well as the internal
windows domain, (xp and 2k workstations, samba servers))
If your interested who uses samba and how many users then look here
http://samba-survey.sernet.de/commit.html? action=sort&order=file_sharing_clients&dir=desc&index=0



Maybe I'm approaching this the wrong way then.

I have multiple locations (VPN connected) with Windows2000/Win9x clients. I need them to authenticate username/password pairs.

I wanted to use LDAP so that I could also eventually use the same directory for a new email server to use as an authentication backend. Depending on how the project would go, I'd like to have directory lookups also work from this in email clients (in-house mail directory, information on what room a staff member is based in, etc.)

Basically a central repository of directory information.

I would like to get some information like membership attributes...i.e., Bob is a member of "administrators". Sue is a member of "ourbuilding_secretaries", and Alanis is also a member of "building2_secretaries", so I can set share permissions on Samba for common sharepoints.

Would a better approach be to have Samba set up on these authentication servers, pointing to an LDAP backend? FreeBSD can use PAM easily? (I've had to jump into Linux authentication for a RADIUS project many moons ago, but haven't had to reconfigure anything regarding authentication under FreeBSD before...please forgive the naivety :-) Is there a way to have LDAP also handling the memberships, etc. for the NT machines to understand the memberships for authorization of access to shares, etc...so that it would be easy to spread this out to cache machines in other buildings? If it can all be handled via LDAP, I hoped slurpd would be all that's necessary on a set of SAMBA servers to keep our databases in sync in each building...

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to