Hi!

Well, I'll give you my point of view according to what I have understood from the howto-collection and my Samba experience:

Using LDAP, Samba distinguishes two things:
-a) authentication against the UN*X account
-b) all the other SAMBA-accounting data (expiration, ntpassword, lmpassword, ...).


No matter if you use ldapsam, the users will still have to be authenticated against the UN*X accounts database. So, if you use NSS + PAM + LDAP, you can have those credentials checked against LDAP (using pamldap or pamunix) (pamunix is preferred because the passwd moves encrypted through the network).

This way you can avoid using the LDAP posix scheme, put all SAMBA-accounting data in your files (smbpasswd...) and do the first authentication against LDAP (posixaccount...), but you have to remember that you always have to check LMPassword and NTPassword, which should also be set, and they are part of the SAMBA accounting data.

So, you'll have to set and change users' passwords both in LDAP and in the smbpasswd file. This way I can't find any advantage in keeping LDAP authentication but still having data in the smbpasswd file. If you are going to authenticate against LDAP, I think it is better to put all the data in LDAP as well, and it will be easier for you to maintain your accounting database.

        Hope it helps, James!



Adam Tauno Williams wrote:
> > This question has probably been asked before, but I would like to ask it
> > again. I know all about LDAP authentication between samba and an LDAP
> > service with the proper schema in place. You create an entry in the LDAP
> > database with all the samba privileges in place. I want to just
> > authenticate with an LDAP service and not use a special samba schema.
>
> No, not possible.  (Well you might be able to if you hack to disable
> encrypted passwords, etc... but I doubt it would work as a DC).
>
> > We use
> > LDAP to authenticate for telnet, ftp and proxy services. This LDAP service
> > is used for single sign on type of authentication so that the user does not
> > need to have dozens of passwords for different servers and services. I want
> > to use LDAP with samba for the same reason. I will create an entry on the
> > samba host in the samba smbpasswd file, but want to go against the LDAP
> > server for the password. Can this be done?
>
> This works, but must be done in collaboration with the Samba schema
> extensions.



--
Angel Galindo Muñoz
[EMAIL PROTECTED]



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba