Authentication Samba 3 on Active Directory

-Vulture-

Hi!

Our Linux guru wants to integrate a Samba file server in our network,
which is primarily based on Win2000 PCs. We also use AD. Now he wants
to know which attributes are essential for authentication of a user
in AD, so he can set up the LDAP on our 2 Linux servers to access AD
and authenticate a user if he/she logs in from one of the Linux
machines.

I have already made my own small schema-manager snap-in, so I can see
all attributes of our AD. So what should I tell him?

Thanks in advance,

Philipp Ritter
 
Herb Martin

-Vulture- said:
Hi!

Our Linux guru wants to integrate a Samba file server in our network,
which is primarily based on Win2000 PCs. We also use AD. Now he wants
to know which attributes are essential for authentication of a user
in AD, so he can set up the LDAP on our 2 Linux servers to access AD
and authenticate a user if he/she logs in from one of the Linux
machines.

I have already made my own small schema-manager snap-in, so I can see
all attributes of our AD. So what should I tell him?

Perhaps you will receive a reply here, but in general he (and you) will need
to read the relevant Samba documentation.
 
Joe Richards [MVP]

Not sure what you mean by the "which attributes are essential for
authentication" but pretty much every attempt I have seen of a *nix
admin to do auth against AD has either been overly complicated or
insecure. LDAP auth itself is silly, LDAP isn't an auth protocol, it is
a directory protocol, auth is a side effect. If you truly want to auth
against AD from a Linux platform, use Kerberos, and the easiest way you
can do that is to look into the Vintela and Centrify products.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
-Vulture-

Not sure what you mean by the "which attributes are essential for
authentication" but pretty much every attempt I have seen of a *nix
admin to do auth against AD has either been overly complicated or
insecure. LDAP auth itself is silly, LDAP isn't an auth protocol, it is
a directory protocol, auth is a side effect. If you truly want to auth
against AD from a Linux platform, use Kerberos, and the easiest way you
can do that is to look into the Vintela and Centrify products.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

Thanks for your replies,

I'm not very used to Linux, but I think using Kerberos and Winbind
seems to be the best method. I've found a good German tutorial, maybe
that helps:

http://www.pro-linux.de/work/server/samba3-domaene.html

Oh, and because of my name: I made this mistake during registration. I
think I have changed it to my real name everywhere (Profile and
Account), but my nickname is still shown here...
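
The Kerberos and Winbind approach the thread settles on, sketched as an added example that is not part of any post above: a Samba 3.0-style domain member configuration in which the file server joins AD and lets the domain controllers authenticate users, so no LDAP attribute mapping or bind password is needed on the Linux side. The realm EXAMPLE.LOCAL, short domain EXAMPLE, host dc1.example.local and the share path are constructed placeholders.

```ini
# Constructed example for Samba 3.0.x; all names are placeholders.

# ---- /etc/krb5.conf ----
[libdefaults]
    # AD DNS domain name, written in upper case
    default_realm = EXAMPLE.LOCAL
    # locate domain controllers through DNS SRV records
    dns_lookup_kdc = true

[realms]
    EXAMPLE.LOCAL = {
        kdc = dc1.example.local
    }

# ---- /etc/samba/smb.conf ----
[global]
    # NetBIOS (short) domain name
    workgroup = EXAMPLE
    # must match default_realm in krb5.conf
    realm = EXAMPLE.LOCAL
    # act as an AD domain member; clients authenticate with Kerberos tickets
    security = ads
    encrypt passwords = yes
    # winbind maps AD users and groups to local uid/gid numbers from these ranges
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    template shell = /bin/bash
    template homedir = /home/%D/%U

[data]
    path = /srv/samba/data
    read only = no
    # restrict the share to an AD group instead of listing local accounts
    valid users = @"EXAMPLE\Domain Users"

# ---- join and verify (run as root) ----
#   kinit Administrator@EXAMPLE.LOCAL   (Kerberos rejects clocks more than 5 minutes off by default)
#   net ads join -U Administrator       (creates the machine account in AD)
#   wbinfo -t                           (checks the machine account trust secret)
#   wbinfo -u                           (lists AD users as seen through winbind)
# For logins on the Linux hosts, add "winbind" to passwd and group in /etc/nsswitch.conf.
```

Keep the servers' clocks synchronized with the domain controllers before joining, since Kerberos ticket validation depends on it.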
 
