[Lias] OpenLDAP
Gary Reynolds
gary at touch.asn.au
Wed Dec 17 12:12:01 UTC 2003
Simon,
Have you considered having Windows authenticate against the LDAP
directory rather than against Samba?
I use pGina to authenticate our Windows 2000 boxes here at the
University of Sydney, and users then have a share auto-mapped to X:
drive from our Samba 2 server. Only issue is using plain text
passwords, but this is no major problem, especially considering you
need an extra entity in the LDAP directory if you wish to use Samba as
the authenticator...
My setup is essentially users are in the directory with "objectclass:
posixAccount" and all subsequently necessary attributes, which then
means that using PAM grants them local machine access. Each user has
their home directory created with my import script, and the [homes]
share in smb.conf looks after giving them a named share.
I also get the benefit of allowing special users to be Administrators,
simply by membership of a group in the directory, meaning that by using
their normal account they can do "administrator things" and not need to
bother me. When I don't trust them anymore, I can remove them from the
group ;)
Cheers,
Gary
On Wednesday, December 17, 2003, at 02:33 PM, Simon Bryan wrote:
> Hi all,
> I am trying to set up OpenLDAP and Samba 3 to replace our Windows
> servers (bye bye licences).
> All seems to be working well with the LDAP server except I can't log in
> using a user in the LDAP directory.
> I have been following the SAMBA-LDAP-PDC Howto and the SAMBA HowTO
> Collection and have managed to troubleshoot all problems so far. The
> documentation now says that I should be able to log in as an LDAP only
> user, but the users are 'unknown'.
>
> I did have some issues with authconfig and ldap where it put in a
> number of options which locked me out of the machine completely (no ssh
> or console access, thank goodness for Webmin!). However I have adjusted
> system-auth to be the same as in the docs. Except there is a mysterious
> $ISA in the paths, e.g. /lib/security/$ISA/pam_env.so. I was getting
> errors in the message log related to pam_ldap until I removed that from
> the path for the pam_ldap.so entries.
>
> Any clues anyone?
>
> --
> Simon Bryan
> IT Manager
> OLMC Parramatta
--
Web Programmer
Faculty of Dentistry
The University of Sydney
ph: +61 2 9351 8350
fax: +61 2 9351 8333
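
An added example, not part of the message above or of any project's code: a small audit of the directory layout Gary describes, run over an LDIF export. It checks that every posixAccount entry carries the attributes PAM and the [homes] share depend on, and lists who holds the administrator group, flagging members with no matching account. The sample data, the group name "winadmins" and the use of memberUid on a posixGroup are assumptions.

```python
import re
REQUIRED = ("cn", "uid", "uidnumber", "gidnumber", "homedirectory")  # RFC 2307 MUST for posixAccount

# Constructed sample export; all names and the "winadmins" group are hypothetical.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
cn: Bob Example
uid: bob
uidNumber: 1002
gidNumber: 1002

dn: cn=winadmins,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: winadmins
gidNumber: 2000
memberUid: alice
memberUid: carol
"""

def parse_ldif(text):  # -> list of {lower-cased attribute: [values]}
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                attr, _, value = line.partition(":")  # base64 "::" values not decoded
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(text, admin_group):
    """Return (incomplete accounts, admin-group members, members with no account)."""
    entries = parse_ldif(text)
    has_class = lambda e, c: c in [v.lower() for v in e.get("objectclass", [])]
    users = [e for e in entries if has_class(e, "posixaccount")]
    incomplete = {e["dn"][0]: miss for e in users if (miss := [a for a in REQUIRED if a not in e])}
    known = {u for e in users for u in e.get("uid", [])}
    admins = sorted({m for e in entries if has_class(e, "posixgroup")
                     and admin_group in e.get("cn", []) for m in e.get("memberuid", [])})
    return incomplete, admins, [m for m in admins if m not in known]
```

Calling `audit(SAMPLE_LDIF, "winadmins")` reports bob's missing homeDirectory and the stale member carol, the kind of leftover entry that matters when group membership alone grants administrator rights.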