1

Topic: iRedMail LDAP + Samba

Does anyone know if there is a way to make the iredmail ldap backend work with samba? I've imported the samba.schema file in slapd.conf, now I'm just unsure of exactly what attributes are required for samba's user authentication.

Thanks!

Ben


2

Re: iRedMail LDAP + Samba

http://www.howtoforge.com/virtual-mail- … -pure-ftpd

You can reference the document; I think integrating pureftpd and samba is the same.

3

Re: iRedMail LDAP + Samba

Hi,

I'm using smbldap-tools (search for the idealx samba howto).

You can use another separate OU to authenticate, or set your users as smbuser class and then use smbldap-tools with the correct OU to authenticate.

Do not forget to set up nss_ldap and pam.

4

Re: iRedMail LDAP + Samba

Thanks guys,

I'm familiar with samba ldap authentication. I'm more curious about how to make a domain(ou) be seen as a samba group, then have the users of that domain be seen as samba users.

I was able to make samba see the users by adding the posixAccount objectClass to each user. Just stuck on the group part now :(

5

Re: iRedMail LDAP + Samba

ben wrote:

Thanks guys,

I'm familiar with samba ldap authentication. I'm more curious about how to make a domain(ou) be seen as a samba group, then have the users of that domain be seen as samba users.

I was able to make samba see the users by adding the posixAccount objectClass to each user. Just stuck on the group part now :(

Seems impossible: an account can belong to many groups, but can only belong to 1 OU.

6

Re: iRedMail LDAP + Samba

Just add the necessary objectClass on the existing mail account; it should work as expected. No need to create an additional OU or subtree.
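As an added example (not part of the original thread and not iRedMail's own code), this sketch checks which MUST attributes an existing mail entry still lacks for `posixAccount` and `sambaSamAccount` and builds the LDIF modify record that layers both classes on. The DN, sample entry, domain SID, RID rule and the helper names `samba_extras` and `build_modify` are assumptions made for illustration.

```python
# MUST attributes per objectClass: posixAccount from RFC 2307,
# sambaSamAccount from Samba 3's samba.schema. Both are AUXILIARY classes,
# so they can be layered onto an existing mail entry.
REQUIRED = {
    "posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
    "sambaSamAccount": ["uid", "sambaSID"],
}

# Constructed sample data: placeholder DN, entry and domain SID.
SAMPLE_DN = "mail=ben@example.com,ou=Users,dc=example,dc=com"
SAMPLE_ENTRY = {
    "objectClass": ["inetOrgPerson", "mailUser"],
    "cn": ["Ben"], "uid": ["ben"], "mail": ["ben@example.com"],
}
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def samba_extras(uid_number, gid_number, home):
    # Assumption: RID = 2*uid + 1000 (Samba's algorithmic mapping).
    # sambaNTPassword is left out on purpose: it is password-equivalent and
    # should be written by a password tool and protected by slapd ACLs.
    return {
        "uidNumber": uid_number, "gidNumber": gid_number,
        "homeDirectory": home,
        "sambaSID": f"{DOMAIN_SID}-{2 * uid_number + 1000}",
    }


def build_modify(dn, entry, extra):
    """Return (ldif, missing); ldif is None if a MUST attribute is missing."""
    present = {k.lower() for k in entry}
    have_classes = {c.lower() for c in entry.get("objectClass", [])}
    new_classes = [c for c in REQUIRED if c.lower() not in have_classes]
    # Only add attributes the entry lacks: re-adding an existing
    # single-valued attribute such as uidNumber would be rejected by slapd.
    adds = {k: v for k, v in extra.items() if k.lower() not in present}
    available = present | {k.lower() for k in adds}
    missing = sorted({a for attrs in REQUIRED.values() for a in attrs
                      if a.lower() not in available})
    if missing:
        return None, missing
    if not new_classes and not adds:
        return "", []
    lines = [f"dn: {dn}", "changetype: modify"]
    if new_classes:
        lines += ["add: objectClass", *[f"objectClass: {c}" for c in new_classes], "-"]
    for attr, value in adds.items():
        lines += [f"add: {attr}", f"{attr}: {value}", "-"]
    return "\n".join(lines) + "\n", []

if __name__ == "__main__":
    print(build_modify(SAMPLE_DN, SAMPLE_ENTRY, samba_extras(5001, 5001, "/home/ben"))[0])
```

The printed record can be reviewed and then applied with `ldapmodify` against a test entry first.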

7

Re: iRedMail LDAP + Samba

ZhangHuangbin wrote:

Just add the necessary objectClass on the existing mail account; it should work as expected. No need to create an additional OU or subtree.

+1

8

Re: iRedMail LDAP + Samba

I am interested in this as well.

I had been running 0.6.0 for a home mail server and recently migrated to 0.7.3 (rc3, I think?)

I had previously hacked NT/LM passwords into the schema to support 802.1x MSCHAPv2 authentication for wireless links along with mail user authentication, but the proper way to do this is likely via a samba schema (since SMB uses NT/LM password hashes as well) so as to not reinvent a schema. http://www.iredmail.org/forum/topic1098 … -ones.html

I guess the way to proceed is to have IRM's LDAP backend know the appropriate samba schema and include an auxiliary sambaUser type for users (forgive me if my LDAP terminology is sloppy), and modify the PHP web server back end to update ALL password hashes instead of the one. As I recall that's what I originally did, but it made keeping up with IRM updates problematic as I had forked the code to a small degree.

I guess the most generic way to handle this is to make IRM transparent to user attribute and aux inheritance additions, and support a "hook" for user adds and changes in the PHP backend.

Comments?

(I do C/C++ dev work for a living. I am not a web app guru by any means.)

9

Re: iRedMail LDAP + Samba

ZhangHuangbin wrote:

Just add the necessary objectClass on the existing mail account; it should work as expected. No need to create an additional OU or subtree.

Well, getting samba.ldif to load took some doing: I kept trying to use ldapadd to add the schema, but it kept failing for lack of privs (error 50). Eventually just putting samba.ldif in the schema directory and including it in slapd.conf got it read so that I could add LM passwords to a user entry.

But what I REALLY want is to use iRedAdmin to add NT/LM hashes as well as SHA password hashes, so I can then use the LDAP backend for PEAP-MSCHAPv2 auth.