> We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy
> NT4 PDC. Our goal is to use LDAP to centralize all user information and
> authentication on the network. To that end, we've set up Samba to use LDAP for
> authentication of all the Windows users. This is working, but Samba seems to
> require that all Windows accounts have a matching Unix account as well.

YES

> This would be fine, except that all of the user profile directories and Samba
> shares are hosted on a separate machine, making the Unix accounts superfluous.
> (As far as I know.) If at all possible, we'd like to avoid having to maintain
> user accounts on both the LDAP server and the Samba PDC. I had entertained the
> idea of using an LDAP PAM module to simulate the Unix accounts, but this is
> looking more and more like the wrong way to go about it as PAM seems tied
> strictly to authentication and Samba already handles that part.

You're confusing PAM and NSS.

> So to summarize, I'd like to know if a Samba PDC can authenticate users via
> an LDAP backend without having to contain local Unix accounts for those users
> as well.

You need to have a 'Unix' account; but you're using LDAP, so it doesn't need to be 'local'.

> I confess to not being a Windows or Samba guru, but I have read a lot
> of documentation and none of it has shed any light on this particular problem.
> If there's an easy and obvious way to do this, it has eluded me.

NSS, you probably don't need PAM.
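
The distinction the reply draws, as an added example that is not part of the original thread: NSS, not PAM, supplies the Unix account, so the check is whether the `passwd` and `group` databases list an LDAP source and whether each user name resolves through the system account lookup. The sample `nsswitch.conf` text, the `ldap` source name (as provided by an nss_ldap module) and the function names are assumptions made for illustration.

```python
import pwd
import re

# Constructed sample of an nsswitch.conf that adds LDAP as an account source.
SAMPLE_NSSWITCH = """\
# constructed example, not taken from the thread
passwd: files ldap
group:  files ldap
hosts:  files dns
"""


def nss_sources(conf_text):
    """Map each NSS database name to its ordered list of sources."""
    table = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Remove criteria such as [NOTFOUND=return]; keep only source names.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        table[db.strip()] = rest.split()
    return table


def ldap_enabled(conf_text, databases=("passwd", "group")):
    """Report, per database, whether an 'ldap' source is configured."""
    table = nss_sources(conf_text)
    return {db: "ldap" in table.get(db, []) for db in databases}


def unresolved_accounts(usernames, lookup=pwd.getpwnam):
    """Return the names with no Unix account visible through NSS.

    pwd.getpwnam goes through the system's account lookup, so a user that
    exists only in LDAP resolves here once NSS is configured to consult LDAP.
    """
    missing = []
    for name in usernames:
        try:
            lookup(name)
        except KeyError:
            missing.append(name)
    return missing


if __name__ == "__main__":
    print(ldap_enabled(SAMPLE_NSSWITCH))
    # "no-such-user-example" is a constructed name expected to be absent.
    print(unresolved_accounts(["root", "no-such-user-example"]))
```
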