Authentication Samba 3 on Active Directory


-Vulture-

Hi!

Our Linux-Guru wants to integrate a Samba-Fileserver in our network
which is primarily based on Win2000 PCs. We also use AD. Now he wants
to know which attributes are essential for authentication of a user
in AD, so he can set up the LDAP on our 2 Linux-Servers to access AD
and authenticate a user if he/she logs in from one of the Linux
machines.

I have already made my own small schema-manager snap-in, so I can see
all attributes of our AD. So what should I tell him?

Thanks in advance,

Philipp Ritter
 
-Vulture- said:
Hi!

Our Linux-Guru wants to integrate a Samba-Fileserver in our network
which is primarily based on Win2000 PCs. We also use AD. Now he wants
to know which attributes are essential for authentication of a user
in AD, so he can set up the LDAP on our 2 Linux-Servers to access AD
and authenticate a user if he/she logs in from one of the Linux
machines.

I have already made my own small schema-manager snap-in, so I can see
all attributes of our AD. So what should I tell him?

Perhaps you will receive a reply here but in general he (and you) will need
to read the relevant Samba documentation.
 
Not sure what you mean by the "which attributes are essential for
authentication" but pretty much every attempt I have seen of a *nix
admin to do auth against AD has either been overly complicated or
insecure. LDAP auth itself is silly, LDAP isn't an auth protocol, it is
a directory protocol, auth is a side effect. If you truly want to auth
against AD from a Linux platform, use Kerberos and the easiest way you
can do that is to look into the Vintela and Centrify products.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Not sure what you mean by the "which attributes are essential for
authentication" but pretty much every attempt I have seen of a *nix
admin to do auth against AD has either been overly complicated or
insecure. LDAP auth itself is silly, LDAP isn't an auth protocol, it is
a directory protocol, auth is a side effect. If you truly want to auth
against AD from a Linux platform, use Kerberos and the easiest way you
can do that is to look into the Vintela and Centrify products.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

Thanks for your replies,

I'm not very used to Linux, but I think using Kerberos and Winbind
seems to be the best method. I've found a good German tutorial, maybe
that helps:

http://www.pro-linux.de/work/server/samba3-domaene.html

Oh and because of my name: I made this mistake during registration. I
think I have changed it to my real name everywhere (Profile and
Account), but my nickname is still shown here...
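
A minimal Samba 3 `smb.conf` for the Kerberos and Winbind approach the thread settles on, as an added example that is not from any of the posters or from the linked tutorial. The realm `EXAMPLE.LOCAL`, the workgroup `EXAMPLE`, the ID ranges, the share name and the share path are assumed placeholders.

```ini
[global]
    # Assumed placeholder names; replace with your own domain's values.
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL

    # Run as an AD member server: users are authenticated with Kerberos
    # tickets issued by the domain controllers, not by an LDAP bind
    # against individual user attributes.
    security = ads
    encrypt passwords = yes

    # Winbind maps AD users and groups to local UIDs/GIDs.
    # "idmap uid" / "idmap gid" is the Samba 3 syntax; ranges are assumed
    # and must not collide with accounts in /etc/passwd and /etc/group.
    idmap uid = 10000-20000
    idmap gid = 10000-20000

    # Enumerating every domain account is rarely needed on a file server.
    winbind enum users = no
    winbind enum groups = no

    # Domain accounts get no interactive shell on a pure file server.
    template shell = /bin/false

[data]
    # Assumed share path and group; access is limited to one AD group
    # instead of every authenticated account.
    path = /srv/samba/data
    read only = no
    valid users = @"EXAMPLE\Domain Users"

# Join and verification, run as root once /etc/krb5.conf names the realm:
#   kinit Administrator
#   net ads join -U Administrator
#   wbinfo -t
# Kerberos rejects tickets when the clocks of this host and the domain
# controllers differ by more than a few minutes, so keep time in sync.
# For domain users to resolve locally, /etc/nsswitch.conf needs "winbind"
# added to its passwd and group lines.
```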
 