On Tue, 2013-08-27 at 00:12 +0200, Marc Muehlfeld wrote:
> On 25.08.2013 09:27, Bruno Vane wrote:
> > I have some Ubuntu LTS servers running openssh server authenticating to
> > external openldap. I installed a new Ubuntu LTS server with Samba4 to
> > create a domain and it is working very well. I managed to make a pfsense
> > firewall authenticate users in this Samba4 ldap. How to make openssh in
> > Ubuntu authenticate users in Samba4 ldap?
>
> As the "Winbind, sshd and nslcd"-HowTo I am currently working on is
> getting longer and longer, I decided to split it into the three parts,
> so it won't get too confusing. Also then I can publish the already
> finished and validated nslcd part. And here it is:
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
>
> @Bruno: This HowTo should contain all the short information I already
> gave you here on the list in a more detailed depth.
>
> @All: Feel free to give comments. Or let me know if something is
> missing/wrong.
>
> Regards,
> Marc

Hi

1. Nested groups work fine with nslcd. Please use the latest version:
   man nslcd.conf(5)

2. We really should encourage users away from plain text passwords
   stored in files. nslcd works fine with sasl binds. The devs have worked
   hard to give us Kerberos out of the box. I think we should use it:
   http://linuxcostablanca.blogspot.com.es/p/s4bind.html

3. nslcd is already AD aware and this is not winbind so let's keep it
   simple. The following lines are not required/produce errors/slow down
   lookups.

   filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*))
   map passwd gecos displayName
   map passwd gidNumber primaryGroupID
   filter group (&(objectClass=group)(gidNumber=*))
   map group uniqueMember member

Again, it is important to use the latest version.

Just my €0.02

Thank you for taking the time to document this.
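
A check for the points made in this reply, as an added example that is not part of the original message or of nss-pam-ldapd: it scans an nslcd.conf for a plain-text `bindpw`, a missing `sasl_mech`, and the filter/map lines the reply lists as unnecessary. The sample configuration, host names and finding labels are constructed for illustration.

```python
import os
import stat

# Constructed sample in the style of the lines quoted in the message above.
SAMPLE_CONF = """\
uri ldap://dc1.example.com
base dc=example,dc=com
binddn cn=ldap-connect,cn=Users,dc=example,dc=com
bindpw constructed-password
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*))
map passwd gecos displayName
# sasl_mech GSSAPI
"""

# "map <db> <attribute>" pairs the reply lists as unnecessary.
LISTED_MAPS = {("passwd", "gecos"), ("passwd", "gidnumber"), ("group", "uniquemember")}

def directives(text):
    """Yield (line number, tokens) for every non-blank, non-comment line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield number, line.split()

def audit(text, mode=None):
    """Return (line, label, detail) findings; line 0 means file-wide."""
    findings, keys = [], set()
    for number, tokens in directives(text):
        key = tokens[0].lower()          # nslcd.conf keywords are case-insensitive
        keys.add(key)
        args = tuple(t.lower() for t in tokens[1:3])
        if key == "bindpw":
            findings.append((number, "plaintext-secret", key))
        elif key == "filter" and args[:1] in (("passwd",), ("group",)):
            findings.append((number, "listed-unneeded", f"filter {args[0]}"))
        elif key == "map" and args in LISTED_MAPS:
            findings.append((number, "listed-unneeded", "map " + " ".join(tokens[1:3])))
    if "sasl_mech" not in keys:
        findings.append((0, "no-sasl-bind", "sasl_mech"))
    # A stored password is worse when group or others can read the file.
    if mode is not None and "bindpw" in keys and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append((0, "secret-readable", oct(mode & 0o777)))
    return findings

def audit_file(path="/etc/nslcd.conf"):
    """Audit a real file, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        return audit(handle.read(), os.stat(path).st_mode)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, mode=0o644):
        print(finding)
```

A configuration that binds with `sasl_mech GSSAPI` and carries no `bindpw` or listed filter/map lines produces no findings.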