[nflug] openLDAP cheats

Darin Perusich Darin.Perusich at cognigencorp.com
Wed Dec 20 14:33:06 EST 2006


yes it is still possible, i was just throwing out an example which would
work in most business environments.

it would basically work in the same fashion but you'd have to configure
samba so SECURITY = USER and still configure the server at the OS level
as an ldap client.

you have many options for which ldap implementation you wish to run,
openLDAP, Sun DS, eDirectory, Fedora DS. while openLDAP comes with every
linux distro i recommend Sun DS and then Fedora DS which originated
from SunDS when it was netscape/iplanet DS.

this is the best resource for setting up ldap/DS for client auth on
linux and solaris. i've been using these howto's for a long time and i've
contributed to them.

http://web.singnet.com.sg/~garyttt/

Should you decide to go with SunDS or not this read is very informative.

http://www.thebergerbits.com/Beginners_Guide_to_SunONE_DS.pdf

eric wrote:
> Darin, I don't want to use a windows AD server, don't have one - don't
> want one, is it still possible to do
> 
> 	  ldap
> 	   /\
>         /  \
>        /    \
>       -      -
> desktop       samba
> 
> 
> 
> Darin Perusich wrote:
> 
>> eric wrote:
>>  
>>
>>> So, my beginning question is, can an (LDAP) client on a desktop use an
>>> LDAP server to logon another server serving samba 'user' shares?
>>>    
>>>
>> the simple answer is yes, but there are many ways to implement this. the
>> only thing samba cares about is that the username you're trying to
>> connect as is a valid unix account as well.
>>
>> one way to set this up would be to set up a windows Active Directory
>> domain (yuck) and join the samba server to it as a member server. then
>> set the samba option 'password server' to the AD controller. configure
>> the samba server at the OS level to be an ldap client against the AD
>> controller. samba has a bunch of ldap options which you could use but
>> i've never played with them before.
>>
>>  
>>
>>> Computer --> LDAP server --> Samba server
>>>
>>>    
>>>
>> 	ldap
>> 	 /\
>>        /  \
>>       /    \
>>      -      -
>> desktop       samba
>>
>>  
>>
> 
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug

-- 
Darin Perusich
Unix Systems Administrator
Cognigen Corporation
395 Youngs Rd.
Williamsville, NY 14221
Phone: 716-633-3463
Email: darinper at cognigencorp.com
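
Added example, not part of the original message: a small audit of the layout described above (smb.conf with security = user, plus the Samba host configured as an LDAP client at the OS level). The file contents are constructed, the host name and base DN are placeholders, and the client file is assumed to use the nss_ldap/pam_ldap ldap.conf keywords; the StartTLS check goes beyond what the message covers.

```python
"""Audit constructed config text for a Samba server that is an OS-level LDAP client."""
# Constructed sample files; the host name and base DN are placeholders.
SMB_CONF = "[global]\n\tworkgroup = EXAMPLE\n\tsecurity = user\n"
NSSWITCH_CONF = "passwd: files ldap\ngroup:  files ldap\nshadow: files\n"
LDAP_CONF = "uri ldap://ldap.example.org/\nbase dc=example,dc=org\nssl no\n"

def smb_global(text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[key.replace(" ", "").lower()] = value.strip()
    return params

def keyword_lines(text, sep=None):
    """Parse 'keyword<sep>value' lines, dropping # comments."""
    out = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(sep, 1)
        if len(parts) == 2 and parts[0].strip():
            out[parts[0].strip().lower()] = parts[1].strip()
    return out

def audit(smb_conf, nsswitch_conf, ldap_conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if smb_global(smb_conf).get("security", "").lower() != "user":
        findings.append("smb.conf: [global] security is not set to 'user'")
    # The connecting username must resolve as a unix account on the Samba host.
    nss = keyword_lines(nsswitch_conf, ":")
    for db in ("passwd", "group"):
        if "ldap" not in nss.get(db, "").split():
            findings.append("nsswitch.conf: %s does not list ldap" % db)
    # A plain ldap:// URI without StartTLS sends binds over the wire in clear.
    client = keyword_lines(ldap_conf)
    uri = client.get("uri", "")
    if uri.startswith("ldap://") and client.get("ssl", "no") != "start_tls":
        findings.append("ldap.conf: %s is used without StartTLS" % uri)
    return findings

if __name__ == "__main__":
    for finding in audit(SMB_CONF, NSSWITCH_CONF, LDAP_CONF):
        print(finding)
```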