Hi,
I run a CentOS 5.8 Samba server which uses a separate LDAP CentOS 6.3 server for user and group authentication.
Now we are migrating to a new CentOS 6.3 Samba server and I'd like to know how to 'ldapify' that new server the best way.
I'm a bit confused whether I can use the same nss setup as on the current old server, or how and what to configure to go with SSSD?
Maybe someone can point me to a good how-to or has some hints/suggestions?
Thanks and best regards . Götz
Dear Goetz,
On Mon, 08 Oct 2012 10:22:16 +0200 Götz Reinicke - IT Koordinator goetz.reinicke@filmakademie.de wrote:
> Maybe someone can point me to a good how-to or has some hints/suggestions?
nslcd provides this service for you. (pkg: nss-pam-ldapd)
/etc/nslcd.conf
And /etc/pam_ldap.conf (pkg: pam_ldap)
Make sure that nslcd is running when starting samba.
Brgds
Dear Benjamin,
On 08.10.12 11:13, Benjamin Hackl wrote:
> Dear Goetz,
> On Mon, 08 Oct 2012 10:22:16 +0200 Götz Reinicke - IT Koordinator goetz.reinicke@filmakademie.de wrote:
>> Maybe someone can point me to a good how-to or has some hints/suggestions?
> nslcd provides this service for you. (pkg: nss-pam-ldapd)
> /etc/nslcd.conf
> And /etc/pam_ldap.conf (pkg: pam_ldap)
> Make sure that nslcd is running when starting samba.
Thanks. Can you tell me why not to use the SSSD? I'm not yet familiar with it, but found some postings on the web and will try to understand it.
Or is 'nslcd' just the old school way and SSSD the new one?
cheers . Götz
On 10/12/2012 05:28 AM, Götz Reinicke - IT Koordinator wrote:
> Thanks. Can you tell me why not to use the SSSD? I'm not yet familiar with it, but found some postings on the web and will try to understand it.
> Or is 'nslcd' just the old school way and SSSD the new one?
The old school way was pam_ldap and nss_ldap. nslcd was written to address some architectural shortcomings in nss_ldap, and so was sssd.
I would definitely go with sssd. Its caching is much better, so it's going to scale much better. It's the default mechanism in Fedora releases, so if you need to compare configuration to another client OS you'll be better equipped.