[PLUG] Samba, LDAP, and my sanity.
Wil Cooley
wcooley at nakedape.cc
Mon Mar 8 18:00:02 UTC 2004
On Mon, 2004-03-08 at 14:30, Jeme A Brelin wrote:
> Am I crazy? When I create users by hand, they don't authenticate. When I
> try to set "security = domain", testparm tells me it's "not recommended".
> And when I read the docs at samba.org, it appears as though this only
> works when you've got a Winders server doing the real authentication.
Right. 'security = domain' is for when the Samba server is a MEMBER of
an SMB domain, rather than domain controller or stand-alone server. One
of the latter of the two cases is what you want; both require 'security
= user'.
Exactly how are you creating users by hand? What does your smb.conf
look like? Are your LDAP ACLs too tight? Does does an entry created by
this 'by hand' method look like (hint: ldapsearch)?
> What gives? Is there a better HOW-TO on this?
Well, there are several, but taking a little time to understand LDAP
would make it easy; LDAP is a big technology to assimilate along with
the mix of Samba authentication. That said, you don't HAVE to use LDAP
if you don't need replicated authentication (such as having a Backup
Domain Controller)--you can keep everything in flat files (passwd,
smbpasswd, group) like you've always been able to with Samba 2.2.
Wil
--
Wil Cooley wcooley at nakedape.cc
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Naked Ape Consulting http://nakedape.cc *
* Secure E-mail Server *
* Naked Ape Mail Defender http://nakedape.cc/r/md *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.pdxlinux.org/pipermail/plug/attachments/20040308/66659ef4/attachment.asc>
More information about the PLUG
mailing list