Is it possible to use Samba with LDAP authentication in WorkGroup mode?

10th February 2007, 09:50 AM

I have used smbpasswd to manage my samba accounts all the while. Due
to the growth of network users, I feel it's tedious to manage the
accounts in smbpasswd. I have learned that LDAP can solve my problem.
Some network services like CVS, X-Windows, Telnet and FTP are
successfully working with an LDAP server I set up. However, I still
encounter problems using SAMBA with the LDAP server.

I have studied the SAMBA HOWTO and articles that talk about LDAP.
However, these topics always deal with PDC or Domain. I just wish
to use Samba in workgroup mode, just like the smbpasswd way I
used a long time ago. Is it possible to do that with SAMBA + LDAP?

Please advise.

Thank you.

10th February 2007, 10:19 AM
Samba is for reading and writing to Windows shares or to share out a folder on the Linux box (usually a user home dir).

LDAP to Windows is mainly about getting the Windows Domain server to act like the third-party authorization. The authorization software is only available on Win 2k or 2k3 server, along with a WINS server.

So the answer is no. The authorization 3rd party in a WORKGROUP is the user knowing a password to enter when they access the share. Box 1, Box 2, and the user make up the 3 parties.


10th February 2007, 11:56 PM
I have 2 Linux machines in my office. However, I don't want to replicate the accounts on these 2 machines. Someone told me LDAP is the solution, so I tried to set it up and it works for many network services like ftp/telnet/cvs/x-windows... I only need to maintain accounts on the LDAP server and they can be used by other machines.

However, this solution doesn't seem to work with SAMBA. It took me so much time to figure out how to make it work. However, it seems like the only way to get samba to work with LDAP is through a domain controller, not workgroup.

I found another solution to my problem. I do this in smb.conf:

password server=another.samba.machine (I use IP address)

and the authentication succeeds on my Windows XP Pro machine.

However, there is some delay while trying to connect to the share. Pressing F5 to refresh the share folder will cause some delay too. I then used SWAT to check the connections, and it turns out the client connection port number keeps renewing, which makes it slow.

11th February 2007, 08:13 AM
Well, just to try to keep it clear.

A Windows box should be able to connect to a Linux box and have the samba server authorize it (because the user and password are in the samba server).

But a Samba client trying to use a Windows XP box cannot be authorized except by the Windows box. So the Linux box must make a connection for a specific Windows user, then the Windows box sends a password request back to the Linux box and the user must enter the Windows box's user password.
(Once entered, the password can be remembered by the Linux client.)

Many older distros use smbfs and incorrectly use the built-in Windows management hidden shares of C$ type. These were meant for the snmp tools in Windows. smbfs is deprecated and no longer in current samba. This allowed the Linux GUI coders to make lookups and connections to the C$ shares (even on a Windows XP Pro with Authorized user security. Very dangerous usage.)

So security = share is used for making L to W XP Pro shares. Especially if the Windows box was using dynamic drives on the data disks.

Now back to what you did, that is just authorizing a Windows box to connect to your Linux share.
But without a W2k server it could not go the other direction, except for the cheaters using smbfs and snmp and the hidden Windows shares C$.

I reckon it will continue to be a mixed up mess for the SOHO users for a long time, but in a corp or IT setting it would never fly without 3rd party authorization.

Hence the 4 and a half year samba 4 project. (Which may never actually catch up before something new comes along.)