Samba/Active Directory Guide

= Centralized authentication with Samba/Win AD =

This setup might look a bit odd at first, but it comes up when migrating from Samba 3 with LDAP to Samba 4 AD.

It seems to be the only choice we have, because the LDAP server has to be removed from the server that is running Samba 4 AD.

Otherwise you would have two servers: Windows clients using Samba 4 AD, and Linux clients using an LDAP server on another machine. Authentication would no longer be centralized, which defeats the purpose.

== Working method and choice ==
There are a few methods:
 * 1) nslcd or nss_pam_ldapd
 * 2) sssd

= nslcd or nss_pam_ldapd =

If you are using a 64-bit system, you will need to unmask the package. Add these lines to /etc/portage/package.keywords

This package provides what is currently provided by nss_ldap and also nss_pam, so those two packages have to be removed.

Now we can emerge nss_pam_ldapd

== Configuration ==
There are at least two methods for this solution. The result is the same, but they work differently. Pick one.

nss-pam-ldapd Setup

Samba Wiki:Local_user_management_and_authentication/nslcd

== Method 1: Connecting to AD via LDAP Bind DN and password ==
This method configures /etc/nslcd.conf to bind to LDAP with an AD account. Communication with AD in this setup is unencrypted unless your AD and nslcd have been set up for LDAP over SSL.

Please create a new user with username nslcdconnect and password secret.

You might need to set the following on that account:
 * Disable - user must change password at next logon
 * Disable - user change password
 * Enable - password never expires

Assuming that:


 * Samba is running locally and accessible via 127.0.0.1
 * LDAP Base DN is dc=headoffice,dc=location1,dc=company,dc=com
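
As an added example (not part of the original guide or of nss-pam-ldapd): a small shell lint for a Method 1 nslcd.conf, run on two constructed sample files, one weak and one hardened. The account name, password and base DN are the ones used above; the cn=Users container, the DC host name and the CA file path are assumptions.

```shell
#!/bin/sh
# Added example: lint an nslcd.conf that binds with a DN and password (Method 1).
# Prints one line per finding and returns 1 if there is any.
audit_nslcd_conf() {
    conf=$1; bad=0
    opt() { awk -v k="$1" '$1 == k { print $2; exit }' "$conf"; }
    note() { echo "$(basename "$conf"): $1"; bad=1; }
    if [ -n "$(opt bindpw)" ]; then
        # ldap:// without StartTLS carries the simple-bind password in clear text.
        if grep -Eq '^uri[[:space:]].*ldap://' "$conf" && [ "$(opt ssl)" != start_tls ]; then
            note "bindpw sent unencrypted: use ldaps:// or 'ssl start_tls'"
        fi
        # The file stores the password, so group/other must have no access.
        if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
            note "file holds bindpw but is accessible to group/other (want 0600)"
        fi
    fi
    # Encryption without certificate verification does not stop an active MITM.
    case "$(opt tls_reqcert)" in
        never|allow|try) note "tls_reqcert should be 'demand'" ;;
    esac
    return "$bad"
}

# Constructed samples. cn=Users is an assumed container; the DC host name and
# the CA certificate path are placeholders, not values from the guide.
dir=$(mktemp -d)
base="dc=headoffice,dc=location1,dc=company,dc=com"
cat > "$dir/weak.conf" <<EOF
uri ldap://127.0.0.1/
base $base
binddn cn=nslcdconnect,cn=Users,$base
bindpw secret
tls_reqcert never
EOF
chmod 644 "$dir/weak.conf"
cat > "$dir/hardened.conf" <<EOF
uri ldaps://dc1.headoffice.location1.company.com/
base $base
binddn cn=nslcdconnect,cn=Users,$base
bindpw secret
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/ad-ca.pem
EOF
chmod 600 "$dir/hardened.conf"
audit_nslcd_conf "$dir/weak.conf" || true
audit_nslcd_conf "$dir/hardened.conf" && echo "hardened.conf: ok"
```

With tls_reqcert demand the server certificate must match the name in the uri, which is why the hardened sample uses a host name instead of 127.0.0.1.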

== nsswitch.conf configuration ==
You will need to edit your /etc/nsswitch.conf as shown in the following. This means that nsswitch will use the new nss-pam-ldapd module. /etc/nsswitch.conf

== Executing ==
We can now start the nslcd daemon

To check that Samba is working with the local host, use these commands to verify:

You should see your users or groups that have a Unix UID or GID.

If you don't see them, check your /etc/nslcd.conf again.

You can now add nslcd using rc-update

= External Reference =