[Samba] samba password hashes exposed to ldapsearch
Chuck Kollars
ckollars9 at yahoo.com
Tue Jul 29 20:07:05 GMT 2008
> ... I see that the samba password hashes are shown with a simple
> ldapsearch command. ...
I do not have this problem. My /etc/openldap/slapd.conf includes the lines at the end of this message. The passwords are not visible via ldapsearch, yet the Samba on the same machine can still access them (probably because it runs as "root").
(The lines also include a provision for syncrepl replication, which probably isn't relevant to Samba usage.)
-Chuck Kollars
### set up some restrictions to not make passwords visible
access to attrs=sambaLMPassword,sambaNTPassword,MMSNumber,userPassword
        by dn.exact="cn=ReplicateUser,dc=ipswichschools,dc=org" read
        by * auth
# Default read access to everything else
# (should be last to act as "default")
# (not optional - without this it doesn't work right)
access to *
        by * read
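Added example, not part of the original message or of OpenLDAP: a simplified Python model of slapd's first-match ACL evaluation, run over the two rules above and over a constructed copy with their order swapped (`SWAPPED`). It assumes only the `*` and `attrs=` selectors and the `*`, `anonymous`, `users` and `dn.exact`/`dn.base` requesters; control keywords such as `break` and full DN normalisation are not handled.

```python
import shlex

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
REPL = "cn=ReplicateUser,dc=ipswichschools,dc=org"
# The two rules from the message, then a constructed copy with the order swapped.
GOOD = ('access to attrs=sambaLMPassword,sambaNTPassword,MMSNumber,userPassword\n'
        f'  by dn.exact="{REPL}" read\n  by * auth\n'
        "# Default read access (it doesn't work without this)\n"
        'access to *\n  by * read\n')
SWAPPED = ('access to *\n  by * read\n'
           'access to attrs=sambaLMPassword,sambaNTPassword,userPassword\n  by * auth\n')

def parse_acls(conf):
    """Return [(what_tokens, [(who, level), ...]), ...] in file order."""
    logical = []
    for line in conf.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()  # continuation, even of a comment
        elif line.strip():
            logical.append(line.strip())
    acls = []
    for line in logical:
        # Comments are dropped before tokenising: they may hold stray quotes.
        tok = [] if line.startswith("#") else shlex.split(line)
        if tok[:2] != ["access", "to"]:
            continue
        by = [i for i, t in enumerate(tok) if t == "by"]
        what = tok[2:by[0]] if by else tok[2:]
        acls.append((what, [(tok[i + 1], tok[i + 2]) for i in by if i + 2 < len(tok)]))
    return acls

def level_for(acls, attr, bind_dn=None):
    """Level the requester gets on attr; bind_dn=None means an anonymous bind."""
    for what, clauses in acls:
        listed = [a.lower() for w in what if w.lower().startswith("attrs=")
                  for a in w[6:].split(",")]
        if "*" not in what and attr.lower() not in listed:
            continue                           # this <what> does not cover attr
        for who, level in clauses:             # first matching <who> decides
            kind, _, dn = who.partition("=")
            if (who == "*" or (who == "anonymous" and bind_dn is None)
                    or (who == "users" and bind_dn is not None)
                    or (kind.lower() in ("dn.exact", "dn.base") and bind_dn
                        and dn.lower() == bind_dn.lower())):
                return level
        return "none"                          # implicit trailing "by * none"
    return "none"                              # ACLs exist but none matched

def readable(acls, attr, bind_dn=None):
    return LEVELS.index(level_for(acls, attr, bind_dn)) >= LEVELS.index("read")
```

With `GOOD`, `readable(parse_acls(GOOD), "sambaNTPassword")` is false for an anonymous bind and true for the replication DN; with `SWAPPED` it is true for everyone, because the catch-all rule matches before the `attrs=` rule is reached.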