John, If you don't want samba to be the pdc, you can use winbindd to join it to the windows domain and I am pretty sure authentication requests are via the domain PDC (whichever way it's configured)
We have a secondary samba machine, which does just this, but against a samba/ldap pdc. The secondary (with winbindd) has no configuration for ldap in smb.conf but users authenticate against their domain credentials. man windbindd -- Regards Nick Sharp e [EMAIL PROTECTED] p 08 8373 5522 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of FC Mario Patty Sent: Wednesday, December 10, 2008 12:39 PM To: samba Subject: Re: [Samba] LDAP + Samba + Windows2003 Hi John, I'm not an expert in this field (you can see I've thrown a lot of questions into this mailing list), but I think if you just want to use ldap as linux/samba password backend, then you don't have to build a PDC. In my case it's just happen that my domain PDC installed into the same server that I use as my openLDAP server either, but to let my other samba server to authenticate against the openLDAP server, it's the pam_ldap and nsswitch.conf + ldap.conf that matter (if you use RedHat, the authconfig command and 'smbpasswd -w LDAP-ADMIN-PASSWORD-HERE will handle this for you). Another prove is my samba server workgroups differs from that of my PDC. Other point, if you want samba to authenticate against the ldap server, you do need sambaSamAccount. Posix only affects linux or unix authentication. And with your Windows 2003, linux samba PDC doesn't have to join your Windows server domain if you just want them authenticating against the ldap server. It's your windows pcs/servers that have to join samba PDC before you can authenticate against it. But if what you meant was windows to authenticate straight to ldap, I've never heard it before (in my case, it's the PDC that confirms the authentication to the ldap as its password backend - windows machines don't do that them-selves). Well, that's my little thought. But still I don't want to misslead you. Samba or Linux Gurus, please correct this. :) Cheers, On Tue, Dec 9, 2008 at 9:29 PM, Allgood, John <[EMAIL PROTECTED]> wrote: > Hello All > > > > I am new to the list and have some questions. I want to setup ldap to > authenticate for Samba and Windows 2003 server. I have done a lot of > research and everything seems to indicate that I will need to setup > Samba to be a PDC and have it join the Windows 2003 server domain and > build samba with a ldap backend. Is there another way to do this so as I > will not have to setup samba to be a PDC. I have already setup my ldap > server using posix types accounts. Is this different that the Samba > accounts. > > > > Thanks > > > > John Allgood > Senior Systems Administrator > Turbo, division of OHL > 2251 Jesse Jewell Pky. NE > Gainesville, GA 30507 > tel: (678) 989-3051 fax: (770) 531-7878 > [EMAIL PROTECTED] > > www.ohl.com > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba