Hallo,
yes I can use multiple LDAP-sources to local login, su and ssh. That is fine (The uid and gid are differ in all of them, so merge is possible).
But I search for a solution to use the logins for samba too. The samba-mailinglist say: That is not our problem - ask sssd. So I do that ;-) Can someone help me?
with regards Andreas Matthus
On Thu, Oct 06, 2016 at 04:20:23PM +0200, Andreas Matthus wrote:
Hallo,
yes I can use multiple LDAP-sources to local login, su and ssh. That is fine (The uid and gid are differ in all of them, so merge is possible).
But I search for a solution to use the logins for samba too. The samba-mailinglist say: That is not our problem - ask sssd. So I do that ;-) Can someone help me?
First, SSSD does not support NTLM, so only Kerberos authentication is available. Which among other things means that you have to use the fully-qualified DNS name of the server to accces the share and cannot use short (NetBIOS) names or IP addresses.
To allow Samba to server multiple domains which do not belong to the same forest you have to setup multiple samba instances. https://wiki.samba.org/index.php/Multiple_Server_Instances might be a good starting point. But please note that this document is dated and things might be different with current Samba versions. Additionally it might be more 2016ish to run Samba in containers for this purpose. Your favourite search engine might give you some good starting points if you e.g. search for "samba docker".
HTH
bye, Sumit
with regards Andreas Matthus
-- Dipl.-Phys. Andreas Matthus Netzwerkadministrator
Technische Universität Dresden Fakultät Architektur 01062 Dresden Tel.: +49 (351) 463-33909 Fax: +49 (351) 463-36120 E-Mail: andreas.matthus@tu-dresden.de
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
sssd-users@lists.fedorahosted.org
-
Andreas Matthus -
Sumit Bose