vtois
asked on
Redhat Linux SAMBA (Adding Remote LDAP Authentication to a Shared Folder)
I have a Linux Red Hat box with SAMBA running on it to authenticate a file share folder on the box to Windows users. Now, I don't have much access to this machine, nor do I have any "worth a crap" Linux knowledge; however, I need to somehow achieve the following:
-Query a remote LDAP server to authenticate
-Still keep the current share authentication settings.
Basically SAMBA is querying another domain's list of users and allowing them access to a shared folder, I have a group of people who need access to the same folder to cooperatively work with each other but the catch is their authentication server is LDAP;
hostname authn.directory.vt.edu
password <Password>
filter (uupid=<username>)
base ou=People,dc=vt,dc=edu
port 389
There could be 50 people in that directory and I need to keep the domain users and the new LDAP users authenticated to the same folder so they can all happily Map Network Drives on Windows.
Is there a way to add remote LDAP authentication to a shared folder on SAMBA?
ASKER
Thank you for your response natoka, in addition to the detail;
The Linux box apparently is configured with Samba to authenticate against a Windows domain, so there are no local Linux users; it just gets mapped, apparently.
And the LDAP would need "Filtering" for authentication. In other words, only accepting directory sharing if, say, the user has the blah=Admin in the LDAP query.
Is your suggested way still possible?
ASKER
Thank you for your time, I decided to go with the WebDAV feature of Apache.
What you can do is make Samba use PAM for authentication and then make PAM authenticate against the LDAP server, and set the appropriate rights in the file system, which should prevent users that are not in the remote LDAP directory from entering the directory.
So in addition to Samba, you'll need the pam_ldap, pam_nss modules, a valid /etc/pam.d/samba config file authenticating against local users/groups and the remote LDAP server, and a working nss configuration (perhaps with nscd so that authentication info is cached, which speeds up file access).
See:
http://ldots.org/ldap/ (for some introduction)
http://www.faqs.org/docs/Linux-HOWTO/LDAP-Implementation-HOWTO.html (to get nss working)
If you get all those things working you'll only need one more thing: a filesystem capable of ACLs. Since Samba is ACL aware, the rest can then be configured using a Windows machine. Or if you like to do it on *nix, then you just have to give the appropriate users the rights to access the directory(ies) in question.
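
Added example, not part of any post in this thread: a Python sketch of the search filter that results when the login attribute `uupid` from the question is combined with the asker's extra requirement (`blah=Admin`), with RFC 4515 escaping so that a user-supplied name cannot change the filter's structure. The function names are hypothetical and the usernames are constructed sample input.

```python
import re

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Attribute descriptions: a letter followed by letters, digits or hyphens.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as literal text in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_auth_filter(username, required=None, login_attr="uupid"):
    """Return the filter for one login attempt.

    username   -- name typed by the user (untrusted input)
    required   -- extra attribute/value pairs the entry must carry,
                  e.g. {"blah": "Admin"} as in the asker's follow-up
    login_attr -- attribute holding the login name (uupid in the question)
    """
    if not username:
        raise ValueError("empty username")
    if not _ATTR_RE.fullmatch(login_attr):
        raise ValueError("bad login attribute")
    clauses = [f"({login_attr}={escape_filter_value(username)})"]
    for attr, value in (required or {}).items():
        if not _ATTR_RE.fullmatch(attr):
            raise ValueError(f"bad attribute name: {attr!r}")
        clauses.append(f"({attr}={escape_filter_value(value)})")
    # A single clause needs no AND wrapper; several clauses must all match.
    if len(clauses) == 1:
        return clauses[0]
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Constructed sample usernames, including ones with filter metacharacters.
    for name in ("jdoe", "*", "a)(b"):
        print(name, "->", build_auth_filter(name, {"blah": "Admin"}))
```

The resulting string is what a search under `ou=People,dc=vt,dc=edu` would use; an entry that lacks the required attribute simply does not match, so the login is refused.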