Changes

From SME Server
Jump to navigationJump to search
1,043 bytes added ,  21:57, 29 November 2014
no edit summary
Line 203: Line 203:  
Need to look at the LDAP authentication backend and mechanism on SME.  On the surface, it looks like all of the Samba related LDAP code will be dropped and much of the standard authentication code will need to be converted to Active Directory auth.  This task should include looking at openldap-proxy.
 
Need to look at the LDAP authentication backend and mechanism on SME.  On the surface, it looks like all of the Samba related LDAP code will be dropped and much of the standard authentication code will need to be converted to Active Directory auth.  This task should include looking at openldap-proxy.
   −
==Local and Samba Authenticaion==
+
==Local and Samba Authentication==
#'''Local Authentication''':  Samba 4 provides support for local authentication through PAM.  This will need to be looked and and sorted out, especially as it relates to the previous LDAP authentication work.
+
#'''Local Authentication''':  Samba 4 provides support for local authentication through PAM.  This will need to be looked and and sorted out, especially as it relates to the previous LDAP authentication work.  Consider replacing with SSSD.
 
#'''Updates to esmith::util perl module''':  This perl module contains function for setting and modifying user passwords.  We will need to redesign these functions to integrate with AD.  Specific changes:
 
#'''Updates to esmith::util perl module''':  This perl module contains function for setting and modifying user passwords.  We will need to redesign these functions to integrate with AD.  Specific changes:
 
#*''setSambaPassword function'':  This function needs to be completely re-written to set the Active directory password instead of the old samba password in smbpasswd
 
#*''setSambaPassword function'':  This function needs to be completely re-written to set the Active directory password instead of the old samba password in smbpasswd
Line 210: Line 210:  
#*''local password functions'':  We need to look at these once we decide how we are going to handle local authentication on SME with Active directory.
 
#*''local password functions'':  We need to look at these once we decide how we are going to handle local authentication on SME with Active directory.
 
#*''ldapPassword function'':  Need to look at this and likely deprecate it, as we will likely set active directory passwords differently.
 
#*''ldapPassword function'':  Need to look at this and likely deprecate it, as we will likely set active directory passwords differently.
 +
 +
==Home directories and Homes Shares==
 +
Samba 4 changes the way Samba used to handle home directories. 
 +
#  Samba 4 does not use the [homes] share with the [home] share. 
 +
#  With respect to the [home] share, Samba 4 currently does not expand the %S variable in the smb.conf file due to a bug with Samba 4.  Therefore, this will not work for us to share home directories:  /home/e-smith/files/users/%S/home.  Instead, we may be able to use this:  '/home/%WORKGROUP%/%ACCOUNTNAME% and them link (symlink/hardlink) this to our current home directory structure so that we can share the home dirs via samba.
 +
#  We need to look at the "template homedir" configuration parameter in smb.conf and/or SSSD, as this may allow us to create home directories easier on a new user create event.
 +
#  The Samba active directory includes two attributes for home directories:  homeDirectory (used by windows) and unixHomeDirectory(used by *nix).  The current unixHomeDirectory attribute doesn't seem to be fully utilized by Samba.
    
==Other Development Tasks to Research and Complete==
 
==Other Development Tasks to Research and Complete==
board, director
297

edits

Navigation menu