Date: Thu, 27 May 2004 16:31:36 -0400
From: Bart Silverstrim <bsilver@chrononomicon.com>
To: Vince Hoffman <jhary@unsane.co.uk>
Cc: freebsd-questions Questions <freebsd-questions@freebsd.org>
Subject: Re: LDAP
Message-ID: <D9800280-B01C-11D8-B5C2-000A956D2452@chrononomicon.com>
In-Reply-To: <20040527203422.F82556@unsane.co.uk>
References: <12608007-B007-11D8-B5C2-000A956D2452@chrononomicon.com> <2459CD9C-B014-11D8-B5C2-000A956D2452@chrononomicon.com> <20040527203422.F82556@unsane.co.uk>

On May 27, 2004, at 3:49 PM, Vince Hoffman wrote:

> I'm using it to store posix and samba users, handles XP and 2k
> authentication fine (don't have any 9x on the network). All I'm doing is
> running a samba PDC for a small network, and am using ldap as it means it's
> easy to have a BDC if needed and using pam_ldap and nss_ldap I can
> centralise my user database, anything that supports pam authentication is
> authenticated against it (i.e. the external ftp site, uw-imap, smtp auth
> (sasl2 using pam) and shell logins where needed, as well as the internal
> windows domain, (xp and 2k workstations, samba servers))
> If you're interested who uses samba and how many users then look here
> http://samba-survey.sernet.de/commit.html?action=sort&order=file_sharing_clients&dir=desc&index=0

Maybe I'm approaching this the wrong way then. I have multiple locations (VPN connected) with Windows2000/Win9x clients. I need them to authenticate username/password pairs. I wanted to use LDAP so that I could also eventually use the same directory for a new email server to use as an authentication backend. Depending on how the project would go, I'd like to have directory lookups also work from this in email clients (in-house mail directory, information on what room a staff member is based in, etc.) Basically a central repository of directory information.

I would like to get some information like membership attributes...i.e., Bob is a member of "administrators". Sue is a member of "ourbuilding_secretaries", and Alanis is also a member of "building2_secretaries", so I can set share permissions on Samba for common sharepoints.

Would a better approach be to have Samba set up on these authentication servers, pointing to an LDAP backend? FreeBSD can use PAM easily? (I've had to jump into Linux authentication for a RADIUS project many moons ago, but haven't had to reconfigure anything regarding authentication under FreeBSD before...please forgive the naivety :-)

Is there a way to have LDAP also handling the memberships, etc. for the NT machines to understand the memberships for authorization of access to shares, etc...so that it would be easy to spread this out to cache machines in other buildings? If it can all be handled via LDAP, I hoped slurpd would be all that's necessary on a set of SAMBA servers to keep our databases in sync in each building...