Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] using samba with sssd

88 views
Skip to first unread message

Andreas Matthus via samba

unread,
Oct 6, 2016, 3:10:03 AM10/6/16
to
Hallo,

it ist possible using samba with authenfication over sssd?
I have two different openLDAP-server on different places. Each give
logins for ssh, su, samba and many other thinks. In samba I use
passdb backend = ldapsam:ldap://...
The uid/gid-numbers differ, that by merging no overlapping exist.
Now I try using sssd and it work fine for su and ssh (over nsswitch and
pam). It enable logins independent of LDAP-source. But for samba I can't
find a solution working too.

In future I should like to use a thrid source which is not in my own
hand. In this way merging my own LDAPs in one server is not a solution.

Has somebody a advice?

with regards
Andreas Matthus

--
Dipl.-Phys. Andreas Matthus
Netzwerkadministrator

Technische Universität Dresden
Fakultät Architektur
01062 Dresden
Tel.: +49 (351) 463-33909
Fax: +49 (351) 463-36120
E-Mail: andreas...@tu-dresden.de


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Rowland Penny via samba

unread,
Oct 6, 2016, 3:20:03 AM10/6/16
to
On Thu, 6 Oct 2016 09:04:41 +0200
Andreas Matthus via samba <sa...@lists.samba.org> wrote:

> Hallo,
>
> it ist possible using samba with authenfication over sssd?
> I have two different openLDAP-server on different places. Each give
> logins for ssh, su, samba and many other thinks. In samba I use
> passdb backend = ldapsam:ldap://...
> The uid/gid-numbers differ, that by merging no overlapping exist.
> Now I try using sssd and it work fine for su and ssh (over nsswitch
> and pam). It enable logins independent of LDAP-source. But for samba
> I can't find a solution working too.
>
> In future I should like to use a thrid source which is not in my own
> hand. In this way merging my own LDAPs in one server is not a
> solution.
>
> Has somebody a advice?
>
> with regards
> Andreas Matthus
>

You can use sssd with Samba, but I think you are asking in the wrong
place. sssd is not a Samba product, can I suggest you ask your question
on the sssd-users mailing list

Rowland

Sketch via samba

unread,
Oct 6, 2016, 10:20:03 AM10/6/16
to
On Thu, 6 Oct 2016, Andreas Matthus via samba wrote:

> it ist possible using samba with authenfication over sssd?

You need to clarify what usage of samba you are referring to.

Samba active directory domain controller...yes. AD is LDAP-based, so it
will work with anything that uses LDAP. Also if you have a semi-recent
version of sssd (1.10+), it has a module specifically for AD:

https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server

Samba NT4 PDC...probably not. NT4 domains are too nonstandard, Samba is
basically the only thing that supports it. Samba NT4 PDCs do support
external LDAP servers, but I doubt you can have more than one directory as
a backend.

Samba file server (smbd)...probably not. It effectively supports Windows
authentication or it's own internal authentication. You might be able to
set up a samba NT4 PDC using an external LDAP server as an intermediary
between smbd. However, like above, I'm not sure if there would be any way
to merge multiple LDAP servers.

0 new messages