Re: [Samba] Authenticating against Samba 4 AD LDAP service

Rowland Penny via samba wrote 2018-09-06 14:50:
On Thu, 06 Sep 2018 12:47:02 +0700
Konstantin Boyandin via samba <samba@xxxxxxxxxxxxxxx> wrote:

Rowland Penny via samba wrote 2018-09-05 16:10:
> However, are you sure you cannot use kerberos ?
> What are your existing services ?

To name the most important ones:

- Mail server (I use pam_ldap/nss_ldap, i.e. nslcd, currently)
- Shell (SSH) server (same, using nslcd)
- Apache 2.* LDAP authentication module
- Atlassian Confluence
- GitLab

I am positive that most of the above will work with kerberos
authentication, the only exception is 'Mail server'. This is only
because saying 'Mail server' is a bit like saying 'I have a computer',
it could be anything, but whatever it is, you probably can use kerberos
and if Dovecot is in the mix, you definitely can use kerberos.

Thanks for the reassurance. The mail server/SSH server are using pam_ldap and nss_ldap to authenticate and get attributes from LDAP (via the nss_pam_ldapd CentOS package).

Basically, I have configured nslcd to get info from Samba4, according to


The further questions are:

1. I have to add uidNumber/gidNumber manually per user/group, as said in


Is it possible to do that in batch mode as well (i.e. create a kind of .ldif and update the sam.ldb with it)?

2. I have had no luck setting up pam_ldap.conf to allow authentication against Samba4. There are no visible hints in the Samba Wiki. I could only guess I have to try Kerberos, perhaps, instead of pam_ldap.
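
For question 1 above, an added example (not part of the original message and not Samba project code): a Python script that builds an LDIF of `changetype: modify` records setting uidNumber/gidNumber in bulk, and refuses duplicate or low IDs so that two accounts never end up sharing one Unix identity. The DNs, the 10000 floor and the function names are constructed assumptions, as is applying the output to sam.ldb with Samba's `ldbmodify -H`.

```python
import base64

MIN_ID = 10000  # assumed floor, keeps clear of local system accounts (and uid 0)

def ldif_line(attr, value):
    """Return one LDIF line, base64-encoding values LDIF cannot carry raw."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(entries):
    """entries: (dn, uid_number or None for a group, gid_number) tuples."""
    seen, records = {}, []
    for dn, uid, gid in entries:
        if gid < MIN_ID or (uid is not None and uid < MIN_ID):
            raise ValueError(f"{dn}: id below {MIN_ID}")
        lines = [ldif_line("dn", dn), "changetype: modify"]
        if uid is not None:
            if uid in seen:
                raise ValueError(f"uidNumber {uid} used by {seen[uid]} and {dn}")
            seen[uid] = dn
            # 'add' rather than 'replace', so an existing value is not
            # silently overwritten
            lines += ["add: uidNumber", f"uidNumber: {uid}", "-"]
        lines += ["add: gidNumber", f"gidNumber: {gid}", "-"]
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"

# Constructed sample data; the domain and accounts are hypothetical.
SAMPLE = [
    ("CN=Domain Users,CN=Users,DC=samdom,DC=example,DC=com", None, 10000),
    ("CN=alice,CN=Users,DC=samdom,DC=example,DC=com", 10001, 10000),
    ("CN=Борис,CN=Users,DC=samdom,DC=example,DC=com", 10002, 10000),
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE), end="")
```

Review the generated file before applying it, and keep a backup of sam.ldb.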



