Samba authentication against Active Directory via LDAP

As usual, Samba only accepts usernames that also exist in the Unix password database (/etc/passwd). A dedicated "bind user" account is also required, as mentioned in my previous post. The following are the Samba options that need to be tweaked.

[global]
security = SERVER
obey pam restrictions = Yes
# not sure if really needed
password server = name_or_ip
passdb backend = ldapsam:ldap://name_or_ip
passwd program = /usr/bin/passwd %u
# set to zero if it works
log level = 3 passdb:10 auth:10 winbind:2
domain master = No
ldap admin dn = user@domain.com
ldap group suffix = OU=company,DC=domain,DC=com
ldap suffix = DC=domain,DC=com
# no = the LDAP connection, including the bind as the admin dn, is not encrypted
ldap ssl = no
ldap user suffix = OU=company,DC=domain,DC=com

If you find some redundancy you can keep it if you tell me where you found it.
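
An added example, not from the original post: a small Python check that reads a [global] section using the parameters above and flags trailing comments (smb.conf only recognises comments on their own line, so the text becomes part of the value), an ldapsam backend on ldap:// with ldap ssl switched off, and debug log levels left at 10. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample using the post's parameter names; two lines carry
# trailing comments so that check has something to find.
SAMPLE = """\
[global]
security = SERVER
password server = name_or_ip # not sure if really needed
passdb backend = ldapsam:ldap://name_or_ip
log level = 3 passdb:10 auth:10 winbind:2 # set to zero if it works
ldap admin dn = user@domain.com
ldap ssl = no
"""

def parse_global(text):
    """Return {parameter: raw value} for [global]; names are normalised
    the way Samba reads them (case and inner whitespace are ignored)."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # only whole-line comments exist
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    p, findings = parse_global(text), []
    for key, value in p.items():
        if re.search(r"\s[#;]", value):
            findings.append(f"{key}: trailing comment is parsed as part of the value")
    backend = p.get("passdbbackend", "")
    ssl = p.get("ldapssl", "").split("#")[0].strip().lower()
    # An ldaps:// URL would be encrypted regardless, so only ldap:// is flagged.
    if backend.startswith("ldapsam:ldap://") and ssl in ("no", "off"):
        findings.append("ldapssl: bind password and directory data cross the network unencrypted")
    levels = re.findall(r"(\w+):(\d+)", p.get("loglevel", "").split("#")[0])
    noisy = [cls for cls, n in levels if int(n) >= 10]
    if noisy:
        findings.append("loglevel: debug level 10 still set for " + ", ".join(noisy))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```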
