PDA

View Full Version : SLES11 with samba and eDirectory authentication



mvillon
21-Jan-2013, 19:01
HI. I have the following enviroment: SLES11 SP2 server + eDir 8.8 + COnsoleOne + iManager installed.. I configure samba with local user and all work ok. But now I need configure F/S with samba and eDirectory users (well in the workstations I need that with novell client authenticates to eDirectory and can access to samba share).

Is possible with novell client authentication validate the user for samba share?? o I must write the user and password for every shared folder?? .. What is the better, authentication SLES11 against eDIr or only Samba against eDirectory??

Please, I appreciate your help

Thanks

vanessa
email: vanessav@it-synergy.net

konecnya
22-Jan-2013, 19:13
In article <mvillon.5pj4kn@no-mx.forums.suse.com>, Mvillon wrote:
> Is possible with novell client authentication validate the user for
> samba share??
>
No
the Novell Client is for the NCP shares, you use the Windows built in
client for connecting to the Samba share

Do you have OES installed on this server?
<Command>cat /etc/*release</Command>
If so, you have two different ways of serving up Samba shares, one is
easy to use eDir authentication, the other I've never even looked at.


Andy Konecny
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profiles: http://forums.novell.com/member.php?userid=75037
https://forums.suse.com/member.php?2959-konecnya

mvillon
29-Jan-2013, 23:07
No, I only have SLES11 SP2 + edir 8.8, I haven't OES2

Then What is better or how I must do the authentication: SLES11 against eDIr or only Samba against eDirectory??

thanks

If have some document for some authentication for edirectory, please provide me

konecnya
31-Jan-2013, 23:53
In article <mvillon.5py9hb@no-mx.forums.suse.com>, Mvillon wrote:
> No, I only have SLES11 SP2 + edir 8.8, I haven't OES2
Just as an FYI, OES2 is only on SLES10, OES11 is only on SLES11.

> Then What is better or how I must do the authentication: SLES11 against
> eDIr or only Samba against eDirectory??
I'm normally an OES guy having come at this via NetWare, so I haven't
really worked at those levels directly, but I think I can help guide you
from what I understand of things until someone else happens to join in or
we get things sorted out for you.
We have two directions we can take this from and find where they meet.

From the Samba side, what do the docs say about the users that it
consumes? It looks like it can act like a Microsoft Domain Server (PDC
or BDC) and that it might be able to consume/participate in an existing
Microsoft authentication system, so do you have such that is part of the
equation? How does Samba interact with standard the standard Linux PAM
system?

EDir users & groups can be linked to the standard Linux PAM system with
LUM, but does LUM(Linux User Management) come with eDirectory? Check your
eDir docs for that and if so that may well be the way to go. The other
option is IDM to connect eDir to other systems, but that is likely more
than you are game for at this point.


Andy Konecny
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profiles: http://forums.novell.com/member.php?userid=75037
https://forums.suse.com/member.php?2959-konecnya

Guenther Schwarz
05-Feb-2013, 23:45
mvillon wrote:

> No, I only have SLES11 SP2 + edir 8.8, I haven't OES2
>
> Then What is better or how I must do the authentication: SLES11 against
> eDIr or only Samba against eDirectory??

> If have some document for some authentication for edirectory, please
> provide me

As far as I understand your question you want to use samba.org (not
Novell CIFS) on SLES and use eDirectory for authentication rather than
local user and machine accounts. There is an old Cool Solutions article
about setting up OES as a NT-style domain controller:
http://wiki.novell.com/index.php/OES_as_PDC
I did not test if this still works with SLES11/OES11, but it might be a
starting point. I successfully followed these instructions with SLES9/OES
to give Window systems access to local file systems on the server with
smb/cifs rather than ncp.

G√ľnther

jwilleke
09-Feb-2013, 11:29
You can certainly implement user authentication using LDAP against eDirectory.

You would need to extend your eDirectory schema, if it is not, to add the posixAccount and posixGroup.

We have some generic information (http://ldapwiki.willeke.com/wiki/LDAP%20for%20Linux%20and%20Unix%20Clients).

You can use Yast to configure SuSe.
You can even enable Samba authentication from LDAP.

mvillon
14-Feb-2013, 22:51
Yes thanks for your answers .. I authenticated SUSE 11 against eDirectory, I followed the URL: http://www.novell.com/coolsolutions/feature/5811.html

And configure samba against edirectory with : http://www.novell.com/coolsolutions/appnote/11788.html#7

But I must add every edir user to samba password with smbpasswd -a userX.

Have you some ways to avoid this procedure?? .. I'd like authenticate samba against edir without Novell Client, maybe "authenticating Windows users without the novell client".

Thanks again

Vanessa

mvillon
14-Feb-2013, 23:09
Well. I need to share some folder from SLES11 with windows workstations (users). I have installed edir in my SLES11 server then I'd like use edir like password repository .. How Can I authenticate samba against edir for that windows user can manage shared folders from SUSE server .. with

http://www.novell.com/coolsolutions/appnote/11788.html#7

I have shared folders and samba authentication but: a. I must add every edir user to samba and b. later from windows I must write the user to authenticate and view folders ..

I hope to be more clear

thanks