The trick is these users would be accessing the samba server via Win2k clients that are part of a separate Windows domain that we have no control over. So, I'm not sure if setting up a samba PDC would help us. Given this we chose to use an openldap solution for user authentication across our jboss, database, and fileservers. I'm stuck trying to set up user authentication via ldap for samba connections.
We did try PAM+LDAP, but PAM doesn't support encryption.
--Phil
Craig White wrote:
On Mon, 2004-02-02 at 07:59, Philip Juels wrote:
Hi all,
What exactly is the difference between ldap and ldapsam compilations? What functional differences are there for samba? I assume you can do
user authentication with just ldap?
--- why would you assume that? samba has always maintained its own db for user accounts - the posix attributes don't contain information fields necessary for samba usage.
LDAP is its own entity - ldapsam is just one of several options for
backend storage of users/groups/computers that have significance in a
Windows network
---
Is ldapsam only necessary for PDC functionality?
---
ldapsam isn't necessary for PDC functionality - but some backend type is
necessary for samba functionality. The choice of which one to use and
how to use it is yours.
---
There seems to be loads of documentation on Samba-as-PDC-to-LDAP, but
virtually none that I could find for just samba-to-ldap (over TLS, so
no PAM)
---
do you have other services that authenticate to LDAP without PAM? if so,
why not try to implement the model that you've already got in place?
---
user authentication (I'm not interested in setting up a
samba-based PDC, although I will if I have to).
--- I haven't figured out why you would have to make a samba PDC but you haven't figured out what you want to do. If you have LDAP & PAM already handling authentication for resource level stuff, this may be all you need and just using a simple backend like passwd backend or tdbsam backend to store users & groups & machines stuff. Unless you fully integrate with LDAP (ldapsam), there is only your scripting to try to link the LDAP users & passwords to samba.
Craig
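An added example, not part of the original thread: a minimal smb.conf for a standalone (non-PDC) Samba 3 file server that keeps its account backend in LDAP via ldapsam and protects the connection with StartTLS, the setup Craig's reply points toward. The host name, DNs, suffixes, group and share are placeholders, and the directory is assumed to already hold sambaSamAccount entries from the Samba LDAP schema.

```ini
# Added example (not from the thread). Host names, DNs, suffixes, the
# group and the share are placeholders; adjust to the local directory.
[global]
    workgroup = EXAMPLE
    # Standalone file server: Samba authenticates users itself and does
    # not act as a domain controller.
    security = user
    domain logons = no
    # SMB clients send NTLM responses, so Samba needs the NT hash
    # (sambaNTPassword); posixAccount/userPassword alone does not carry it.
    encrypt passwords = yes

    # Keep Samba account data in LDAP instead of smbpasswd or tdbsam.
    passdb backend = ldapsam:ldap://ldap.example.org
    ldap suffix = dc=example,dc=org
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    # DN Samba binds as. Its password is stored with "smbpasswd -w",
    # not in this file.
    ldap admin dn = cn=samba,dc=example,dc=org

    # Weak setting: the bind and the password hashes cross the network
    # in clear text.
    ; ldap ssl = off
    # Corrected: upgrade the ldap:// connection with StartTLS.
    ldap ssl = start tls

    # Keep userPassword in step when a user changes the Samba password.
    ldap passwd sync = yes

[projects]
    path = /srv/samba/projects
    valid users = @staff
    read only = no
```

Certificate checking for the StartTLS session is handled by the OpenLDAP client library Samba links against, so the CA file and the `TLS_REQCERT` policy belong in the client's ldap.conf.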
