
Samba + LDAP



Hi all,

I am setting up a box with Samba (PDC) with LDAP as the authentication
database.  There are a lot of howtos available on the Internet about this
topic, but I have a question.

To implement the mapping between Unix IDs and Windows domain identifiers,
it is necessary to use PAM (pam_ldap.so) and nsswitch (nss_ldap). My problem is
that I don't see the need for the pam_ldap.so module. I understand the
necessary use of nsswitch to indicate to the OS the location of the users,
passwords, ...  databases. But why is it necessary for the OS to be able to
authenticate the users defined in the LDAP database? I understand that
the users are authenticated by Samba and the OS only needs to map UIDs.

Furthermore, I want the users defined in the LDAP database to have _only_
access to Samba (not to ssh, tty, ...). But these howtos recommend editing
the following files:

* /etc/pam.d/common-auth
* /etc/pam.d/common-account
* /etc/pam.d/common-password
* /etc/pam.d/common-session

And these files are included by other files: /etc/pam.d/login,
/etc/pam.d/chsh, /etc/pam.d/chfn, /etc/pam.d/cron, /etc/pam.d/login,
/etc/pam.d/su, /etc/pam.d/ssh, ....

In summary, I don't understand in this case the need for pam_ldap.so in
the system PAM files, and I would like to know which /etc/pam.d/* files
to edit in order to limit the LDAP users exclusively to Samba.

Thanks,

-- 
Christian Pinedo Zamalloa
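
Added example, not part of the original post: a Python check that reports which PAM service files end up loading pam_ldap.so through the common-* includes described in the message. It assumes Debian-style `@include` lines; the function names and the sample pam.d tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Debian "@include FILE" and Linux-PAM "TYPE include|substack FILE" lines.
INCLUDE_RE = re.compile(r"^(?:@include|\S+\s+(?:include|substack))\s+(\S+)")

def parse(path):
    """Return (module names, included file names) for one PAM service file."""
    modules, includes = set(), set()
    for raw in path.read_text().splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = INCLUDE_RE.match(line)
        if m:
            includes.add(Path(m.group(1)).name)
        else:
            modules.update(Path(t).name for t in line.split() if t.endswith(".so"))
    return modules, includes

def reaches(pam_dir, module="pam_ldap.so"):
    """Map each file to the include chain through which it loads `module` (None if it does not)."""
    parsed = {p.name: parse(p) for p in Path(pam_dir).iterdir() if p.is_file()}

    def chain(name, seen):
        if name not in parsed or name in seen:  # missing file or include loop
            return None
        modules, includes = parsed[name]
        if module in modules:
            return [name]
        for inc in sorted(includes):
            sub = chain(inc, seen | {name})
            if sub:
                return [name] + sub
        return None

    return {name: chain(name, frozenset()) for name in sorted(parsed)}

def demo():
    """Run the check on a constructed pam.d tree (sample content, not a real system)."""
    sample = {
        "common-auth": "auth sufficient pam_ldap.so\nauth required pam_unix.so\n",
        "common-account": "account required pam_unix.so\n",
        "login": "@include common-auth\n@include common-account\n",
        "ssh": "# sshd\n@include common-auth\n",
        "cron": "@include common-account\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, text in sample.items():
            (Path(d) / name).write_text(text)
        return reaches(d)

if __name__ == "__main__":
    for service, path in demo().items():
        print(f"{service:15} {' -> '.join(path) if path else 'does not load pam_ldap.so'}")
```

Calling `reaches("/etc/pam.d")` on a real host lists every service that would authenticate LDAP users once pam_ldap.so is placed in a common-* file.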


