Related to this topic, I haven't followed the developments in Samba/FreeBSD for 6 months or so. Does Samba 3.0.10/FreeBSD 5.3 work with LDAP/NSSwitch/Winbind. I know at one point the getgrent/getpwent stuff didn't work so you couldn't enumerate native windows groups. Has all this been fixed? I would like to begin building a new samba box but don't want to waste my time on this combination to find out it still doesn't work
Thank you, Matt Pusateri On Wed, 19 Jan 2005 22:05:56 -0500, Adam Tauno Williams <[EMAIL PROTECTED]> wrote: > > We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy > > NT4 PDC. Our goal is to use LDAP to centralize all user information and > > authentication on the network. To that end, we've set up Samba to use LDAP > > for > > authentication of all the Windows users. This is working, but Samba seems to > > require that all Windows account have a matching Unix account as well. > > YES > > > This would be fine, except that all of the user profile directories and > > Samba > > shares are hosted on a separate machine, making the Unix accounts > > superfluous. > > (As far as I know.) If at all possible, we'd like to avoid having to > > maintain > > user accounts on both the LDAP server and the Samba PDC. I had entertained > > the > > idea of using an LDAP PAM module simulate the Unix accounts, but this is > > looking more and more like the wrong way to go about it as PAM seems tied > > strictly to authentication and Samba already handles that part. > > Your confusing PAM and NSS. > > > So to summarize, I'd like to know if a Samba PDC can be authenticate users > > via > > an LDAP backand without having to contain local Unix accounts for those > > users > > as well. > > You need to have a 'Unix' account; but your using LDAP, so it doesn't > need to be 'local'. > > > I confess to not being a Windows or Samba guru, but I have read a lot > > of documentation and none of it has shed any light on this particular > > problem. > > If there's an easy and obvious way to do this, it has eluded me. > > NSS, you probably don't need PAM. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
