Web lists-archives.com

Re: [Samba] integrating samba with pam




On Sat, 01 Jul 2017 11:48:21 -0300
Guido Lorenzutti via samba <samba@xxxxxxxxxxxxxxx> wrote:

>   
> 
> Hi there! 
> 
> I been using samba3 with ldap for years, and now im
> about to move to samba4 to leave the slapd. 

I take it you mean that you use Samba as an AD DC
> 
> I didnt try yet to migrate
> the directory from samba3 to samba4. But i did setup a new domain and
> everything looks ok. 
> 
> My doubt is related to the configuration of the
> computers with linux so that they can take advantage of the users and
> passwords of ldap. But also, groups that are unix exclusive. 

It doesn't work that way, you create groups in AD and then make them
Unix groups as well.
> 
> I didnt
> find a way to create groups that in samba3 where only unix:
> 
> 
> smbgroupadd group 
> 
> (withouth the -a) 
> 
> Is this possible? 

No, not unless you create a new NT4-style domain and I strongly urge
you not go down this path, they are things of the past and Microsoft
seems to be trying to make it harder and harder to use them.

> 
> Also, i
> dont want to install winbind in every workstation to authenticate
> against samba4. How can i configure pam_ldap and nslcd to validate my
> users and groups? I did install kerberos and everything seems ok. 

Why do you want to do this ?
The way the Samba code is now written, it needs winbind installed, so
you might as well use it.

See here for more info on setting up a Unix domain member:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba