Discussion:
[Samba] SAMBA-FREERADIUS-LDAP
stefano malini
2012-04-26 07:43:18 UTC
Permalink
Hi,
this is my first e-mail on this list and am newbie of samba also.

I'll explain you what i'd like to do with my lan and i ask you some advices.

I've got a Debian Squeeze server. I installed an LDAP server with some
groups and users.

The LAN has a computer room with 30 pc Ubuntu.
In addition to these there are others computers will can connect to the
LAN using wireless connection and they can have differents operating
systems (Mac, Windows, Ubuntu).
I want that every user can connect using a computer of the room or his
own computer. Every user will be registered on the LDAP server.
I want that every user will have his home directory on the server and
not on the client.

I can configure only the clients of the computer room but i can't
configure the others (Mac, Windows, Ubuntu) because i'll not be on the
place so, i'll not use Winbind. I want, if possible, configure
Freeradius for the wireless authentication using LDAP credentials.
After this authentication the user will can enter in his home directory
on the server

What do you think?
Thanks
Z.
Helmut Hullen
2012-04-26 08:55:00 UTC
Permalink
Hallo, stefano,
Post by stefano malini
The LAN has a computer room with 30 pc Ubuntu.
In addition to these there are others computers will can connect to
the LAN using wireless connection and they can have differents
operating systems (Mac, Windows, Ubuntu).
I want that every user can connect using a computer of the room or
his own computer. Every user will be registered on the LDAP server.
I want that every user will have his home directory on the server and
not on the client.
We try/evaluate a solution for this problem on/in some schools.
No "freeradius", no LDAP.

The clients try to login into the samba domain on the Linux-/Samba
server, they must have a linux-/samba account on this server. That's
all.

No Microsoft domain, no machine account or so. Quite simple.

The next probably problem (not related to samba): the server also works
as a communication server, as a proxy server for surfing. We have
defined that using the proxy server requires an authentication (with the
linux account) - it works.

No Microsoft domain, no winbind etc.
The client works as a kind of thin client. It must have an OS which can
mount samba shares - that's enough.

Viele Gruesse!
Helmut
stefano malini
2012-04-26 09:44:02 UTC
Permalink
Wow, this is a good idea. I'll think about a change.

I'll do some questions:

I need that after the power-on of the client, will appear the login
screen. Is this like your solution also?

I found many manuals and guide but everyone explain samba configuration
with windows, hosts, winbind, etc. and am confused about it. I don't
understand the difference on the configuration using not winbind and hosts.

Which proxy server do you have?

Did you configured also pam for the login?

Thank you
Z.
Post by Helmut Hullen
Hallo, stefano,
Post by stefano malini
The LAN has a computer room with 30 pc Ubuntu.
In addition to these there are others computers will can connect to
the LAN using wireless connection and they can have differents
operating systems (Mac, Windows, Ubuntu).
I want that every user can connect using a computer of the room or
his own computer. Every user will be registered on the LDAP server.
I want that every user will have his home directory on the server and
not on the client.
We try/evaluate a solution for this problem on/in some schools.
No "freeradius", no LDAP.
The clients try to login into the samba domain on the Linux-/Samba
server, they must have a linux-/samba account on this server. That's
all.
No Microsoft domain, no machine account or so. Quite simple.
The next probably problem (not related to samba): the server also works
as a communication server, as a proxy server for surfing. We have
defined that using the proxy server requires an authentication (with the
linux account) - it works.
No Microsoft domain, no winbind etc.
The client works as a kind of thin client. It must have an OS which can
mount samba shares - that's enough.
Viele Gruesse!
Helmut
Helmut Hullen
2012-04-26 09:56:00 UTC
Permalink
Hallo, stefano,
Post by stefano malini
I need that after the power-on of the client, will appear the login
screen. Is this like your solution also?
No - that's at least impossible for private machines.
Our school machines can show such a screen via autostart (or something
like this).
Post by stefano malini
I found many manuals and guide but everyone explain samba
configuration with windows, hosts, winbind, etc. and am confused
about it. I don't understand the difference on the configuration
using not winbind and hosts.
If I have understood the relations (and I'm not sure): you don't need
"winbind" if you only use a samba server (and no microsoft server).
Post by stefano malini
Which proxy server do you have?
We use squid - works fine.
Post by stefano malini
Did you configured also pam for the login?
No - we use slackware as base distribution, and slackware doesn't need
pam. But if I have understood the special pam scripts and configuration
files: may be you don't need to change them.

It's really a quite simple configuration: the server runs samba, and
samba has an smb domain (p.e. WORKGROUP) and some shares. The clients
run some application which can mount samba shares. And the user of the
client must have a linux-/samba account on the server, for logging in,
for own shares ("home"), for shared shares ("public") etc.

Viele Gruesse!
Helmut

Loading...