Hello Andres,
Am 15.08.2013 18:45, schrieb Andres Tello Abrego:
I want to achieve the Holy Gria of 1 source of users and password, for
both, linux and windows machines, but I'm lost in documentation.
So far I know:
samba4 cann't use openldap as backend.
Right.
samba4 ldap doesn't really is a full ldap.
What do you mean by "is not a full ldap"?
samba4 provides uid/gid mapping using winbind or nlscd
Samba AD provides the backend, where the accounts are stored. To get the
users to your local *nix system, you can use winbind, nslcd or sssd.
Can I impelement "remote winbind" at remote linux client machines?
What is "remote winbind"?
Do I need to setup a openldap proxy?
I would only use an openldap proxy to AD in my DMZ, because this
prevents me from having a Samba AD installation there with all that open
ports and Winbind on all DMZ machines.
If I setup an openldap proxy, should I use winbind or nslcd?
If you get your information from AD via a LDAP proxy, I guess the only
solution are LDAP based tools like nslcd. I think Winbind can't access
through an LDAP proxy, because it uses more than LDAP to talk to the DC
(rpc or whatever).
openldap now uses automatic configuration, any clue to implement the
openldap proxy with this type?
Automatic configuration?
Here I placed e. g. a solution for an openLDAP proxy and examples for
how to connect other services:
https://wiki.samba.org/index.php/Authenticating_other_services_against_AD
I guess it's really time, to finish my Winbind/Nslcd/SSSD page for the
different methods to get the directory users to the local system. This
questions are comming up very often meanwhile :-) I already started a
while ago. I'll try to find some time to finish and publish it next week.
Regards,
Marc
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
