[Samba] samba3 and heimdal: both using ldap as backends

Gémes Géza geza at kzsdabas.sulinet.hu
Sun Mar 19 05:58:28 GMT 2006


Andreas Hasenack wrote:

>On Sat 18 Mar 2006 13:54, Gémes Géza wrote:
>(...)
>Thanks, it worked (somewhat) after I ran "kpasswd" for that user.
>
>>An example ldif:
>>
>>dn: uid=test,ou=users,dc=example,dc=net
>>objectClass: person
>>objectClass: organizationalPerson
>>objectClass: inetOrgPerson
>>objectClass: posixAccount
>>objectClass: top
>>objectClass: shadowAccount
>>objectClass: sambaSamAccount
>>objectClass: krb5Principal
>>sn: Account
>>userPassword: {SASL}test at EXAMPLE.NET
>
>I see you are authenticating simple binds with an SASL mechanism. I assume 
>it's gssapi? Via saslauthd?
>

Yes, I have saslauthd options set to:
-n 3 -c -l -a kerberos5
via /etc/default/saslauthd:
# This needs to be uncommented before saslauthd will be run automatically
# START=yes
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

PARAMS="-n 3 -c -l"

MECHANISMS="kerberos5"


and a /usr/lib/sasl2/slapd.conf, which reads:

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
keytab: /etc/krb5.keytab

This saslauthd setup works both for slapd and cyrus-imap.

Regards

Geza
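
The pass-through setup in this message has three parts that must agree: the saslauthd defaults file, the SASL application file for slapd, and the {SASL} userPassword values in the directory. The following is an added example, not part of the original post, that lints the three together; the sample inputs are constructed (with the principal written as user@REALM) and the function names are hypothetical.

```python
import base64
import re
import shlex

# Constructed sample inputs modelled on the files quoted in the thread.
DEFAULTS = 'START=yes\nPARAMS="-n 3 -c -l"\nMECHANISMS="kerberos5"\n'
SASL_CONF = "pwcheck_method: saslauthd\nsaslauthd_path: /var/run/saslauthd/mux\n"
LDIF = ("dn: uid=test,ou=users,dc=example,dc=net\n"
        "userPassword: {SASL}test@EXAMPLE.NET\n\n"
        "dn: uid=norealm,ou=users,dc=example,dc=net\n"  # constructed bad entry
        "userPassword:: " + base64.b64encode(b"{SASL}norealm").decode() + "\n")

def options(text, sep):
    """Non-comment 'key<sep>value' lines as a dict, shell quotes removed."""
    rows = (l.split(sep, 1) for l in text.splitlines()
            if sep in l and not l.lstrip().startswith("#"))
    return {k.strip(): " ".join(shlex.split(v)) for k, v in rows}

def sasl_passwords(ldif):
    """(dn, value) for every userPassword that uses the {SASL} scheme."""
    found = []
    for entry in re.split(r"\n\s*\n", ldif.replace("\n ", "")):  # unfold, split
        dn = None
        for line in entry.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: x" carries a base64 value
                value = base64.b64decode(value[1:]).decode(errors="replace")
            name, value = name.lower(), value.strip()
            if name == "dn":
                dn = value
            elif name == "userpassword" and value[:6].upper() == "{SASL}":
                found.append((dn, value[6:]))
    return found

def audit(defaults, conf, ldif):
    """Return a list of findings; an empty list means the pieces agree."""
    d, c = options(defaults, "="), options(conf, ":")
    checks = [
        (d.get("START") != "yes", "saslauthd not enabled (START=yes)"),
        ("kerberos5" not in d.get("MECHANISMS", "").split(), "MECHANISMS lacks kerberos5"),
        ("-c" in d.get("PARAMS", "").split(), "-c: cached credentials can outlive a password change"),
        (c.get("pwcheck_method") != "saslauthd", "pwcheck_method is not saslauthd"),
        (not c.get("saslauthd_path"), "saslauthd_path is not set"),
    ]
    findings = [msg for failed, msg in checks if failed]
    for dn, value in sasl_passwords(ldif):
        if not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
            findings.append(f"{dn}: {{SASL}} value {value!r} is not user@REALM")
    return findings
```

Calling audit(DEFAULTS, SASL_CONF, LDIF) reports the credential cache enabled by -c and the entry whose {SASL} value has no realm.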

