linux
Envek, 2012-08-31 05:59:15

How to authorize Samba users in external LDAP?

Hello.

To maintain a single user database, we have set up an OpenLDAP server and are moving all systems to authorization through LDAP. (Moreover, we do not have a Windows domain and do not expect to have one, because of the large number of Win XP Home machines.)

Task: the user must enter a login and password when accessing the network share, and Samba must request LDAP authentication.

One scheme is widespread on the Internet, in which it is necessary to give Samba administrative access to LDAP and make changes to the LDAP schema. This approach seems undesirable to me, because there should be more than one such Samba server, and how they will "get along" running on the same LDAP server is not clear to me.

Question: is it possible to provide authorization that is transparent for the end user on a Samba file server with an external LDAP, if possible without granting Samba elevated privileges and with minimal interference with the structure of the LDAP database? (Here, for example, they say that it is impossible.)

There is anonymous access to the LDAP server and I have already checked with the help of one lib that it is possible to authorize a user to the service via LDAP.

If someone has experience in building similar configurations, please tell, direct, explain. Thanks in advance.
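For reference, the widespread scheme the question describes typically looks like the following `smb.conf` fragment. This is an added example, not part of the original post; the host name, DNs and workgroup are constructed placeholders. The comments mark the two points the question objects to.

```ini
# smb.conf fragment for a standalone file server using the ldapsam backend.
# Constructed example: host name, DNs and workgroup are placeholders.
[global]
    workgroup = EXAMPLE
    security = user

# Account data, including Samba's own password hashes, is read from LDAP.
# This is the schema change: the directory has to load samba.schema so that
# user entries can carry the sambaSamAccount object class.
    passdb backend = ldapsam:ldap://ldap.example.org

    ldap suffix = dc=example,dc=org
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers

# This is the privileged access: Samba binds as this DN to read and update
# account entries. The bind password is not written in smb.conf; it is
# stored in secrets.tdb with `smbpasswd -w`.
    ldap admin dn = cn=samba,dc=example,dc=org

# Protect the bind and the account data in transit.
    ldap ssl = start tls

# Do not let Samba rewrite the LDAP userPassword attribute.
    ldap passwd sync = no
```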


2 answer(s)
Nikolai Turnaviotov, 2012-08-31
@foxmuldercp

At one of my past jobs, the domain controller ran on Samba under Solaris.
GPOs will not work with WinHome, so there is no need for more.
Hm. And is it not possible to hook up pam_ldap?
If Samba can be authorized in the domain through Kerberos, what prevents doing it the other way around?
We had domain users on Samba, and ssh authorized perfectly; a description of how it was configured is even lying around somewhere, it needs to be searched for.

Imelstorm, 2014-09-04
@Imelstorm

A very pressing question! I faced the same problem: all that is required from Samba is the most primitive file dump with rights managed through LDAP. All the manuals found on the Internet seem like shooting sparrows with a very large-caliber cannon.
