[CentOS] Samba + Openldap

Al mailinglist at theflux.net
Thu Oct 20 14:32:59 UTC 2011


I would just need to add those attributes in openldap? I'm not very experienced, that is why I asked for howto/tutorials... I've been building an openldap and samba environment in a staged virtual system, so I can get a better understanding of how it all works. It seems to me I would have to add additional attributes to all those users and load the samba.schema onto the master server, then go on the samba server and configure it to use ldap? I'm not so sure, I guess it'll take some time for me to figure it all out...

On Oct 19, 2011, at 1:31 PM, Craig White wrote:

> 
> On Oct 19, 2011, at 8:16 AM, Al wrote:
> 
> >> This isn't what I was talking about ... Let me be a little more specific ... I've got an openldap system configured, just need to set up Samba to use openldap to allow them to access their shells via Windows Explorer.  They usually login via SSH, but want to have the ability to copy things over to the Windows without using SFTP.
> ----
> I can't see how that actually matters because you want them to gain access to the samba server using their accounts and samba requires both a POSIX & a SAMBA user and the logical place for a SAMBA user is to have their SAMBA attributes in the same LDAP record.
> 
> At that point, they could easily mount a SAMBA share on their Windows box using the same account (though Windows passwords use a Windows compatible hashed password). Basically, the user account in LDAP has both POSIX & SAMBA attributes including userPassword (POSIX) and sambaNTPassword (SAMBA) and group memberships that may be one or both (though I tend to create groups that are both).
> 
> The easiest way to demonstrate is to use my own setup...
> 
> # ldapsearch -x '(uid=craig)' -D uid=craig,ou=people,dc=azapple,dc=com -W
> Enter LDAP Password: 
> # extended LDIF
> #
> # LDAPv3
> # base <dc=azapple,dc=com> (default) with scope subtree
> # filter: (uid=craig)
> # requesting: ALL
> #
> 
> # craig, people, azapple.com
> dn: uid=craig,ou=people,dc=azapple,dc=com
> sambaPwdMustChange: 2147483647
> labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
> sambaSID: S-1-5-21-1423820788-2381578139-XXXXXXXXXX-1000
> calFBURL: http://srv2.azapple.com/horde/kronolith/fb.php?c=craig
> sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
> 00000000
> displayName: Craig White
> sambaMungedDial: 1
> shadowMax: 99999
> sambaLogonScript: logon.bat
> sambaProfilePath: \\SRV2\profiles\craig
> cn: Craig White
> uidNumber: 1000
> shadowWarning: 7
> sambaPrimaryGroupSID: 1423820788-2381578139-XXXXXXXXXX-513
> sambaAcctFlags: [U          ]
> gecos: Craig White
> shadowLastChange: 15199
> sambaPwdLastSet: 1313206319
> mail: craig at azapple.com
> userPassword:: REMOVED...
> sambaLMPassword: REMOVED
> uid: craig
> sambaPwdCanChange: 1313206319
> sambaHomePath: \\SRV2\homes\craig
> homeDirectory: /home/craig
> description: Craig is a local user
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> objectClass: top
> objectClass: calEntry
> gidNumber: 100
> sambaDomainName: AZAPPLE
> givenName: Craig
> sambaHomeDrive: h:
> sambaNTPassword: REMOVED
> sn: White
> loginShell: /bin/bash
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
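
The point made in the reply above, that one LDAP record has to carry both the POSIX and the Samba attributes, as an added example that is not part of the original thread: a Python check over `ldapsearch` LDIF output that reports what an entry still lacks. The MUST lists follow RFC 2307's posixAccount and Samba 3's samba.schema; the sample entry and the names `parse_ldif` and `audit` are constructed for illustration.

```python
import base64

# MUST attributes per objectClass (RFC 2307 posixAccount, Samba 3 samba.schema)
REQUIRED = {"posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
            "sambaSamAccount": ["uid", "sambaSID"]}

def parse_ldif(text):
    """Parse LDIF into a list of entries: lower-cased attribute -> [values]."""
    entries, cur = [], {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # "\n " marks a folded line
        if not line.strip():                 # a blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):       # skip ldapsearch comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):        # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def audit(entry):
    """Return what keeps an entry from serving as both a POSIX and a Samba user."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    findings = []
    for oc, attrs in REQUIRED.items():
        if oc.lower() not in classes:
            findings.append(f"missing objectClass {oc}")
        else:
            findings += [f"{oc} requires {a}" for a in attrs if a.lower() not in entry]
    if "sambasamaccount" in classes and "sambantpassword" not in entry:
        findings.append("no sambaNTPassword for Samba to check a password against")
    return findings

# Constructed entry (not from the thread): objectClass added, Samba attributes not yet set.
SAMPLE = """\
dn: uid=al,ou=people,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Al Example
uid: al
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/al
description: constructed entry, folded mid-word the way ldapsearch wr
 aps long values
"""
for entry in parse_ldif(SAMPLE):
    print(entry["dn"][0], audit(entry))
```

sambaNTPassword and sambaLMPassword hold password-equivalent hashes, so the LDAP ACLs should keep them unreadable to ordinary binds, as with userPassword.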



