[Samba] multiple passdb backends: ldaps for users, everything
else locally?
Paul Gienger
pgienger at ae-solutions.com
Mon Jun 21 15:03:58 GMT 2004
Marc Petitmermet wrote:
>> In your situation, you can't modify the users' entries in LDAP to add
>> the samba information either I would guess.
>
>
> correct.
>
>> For this type of a situation, use either the password file (is the
>> option smbpasswd?) or tdbsam. You don't need to specify that ldap is
>> involved at all.
>
>
> no. i want the users authenticate against the central ldap and not a
> local database/file. i don't want to maintain the username and
> passwords myself; this information is already available in the ldap
> and many other systems/programs rely on these informations in the ldap
> (almost single-sign-on). why do this twice?
If you can't add the proper object classes (sambaSamAccount) to the LDAP
datastore then you're going to have to duplicate the information
someplace. Samba doesn't authenticate against the UNIX passwd mechanism
since Windows sends non-reversable password hashes there is no way to
figure out that when it sends 1C67D5538C78A1C1687C7CE8C065684B it is
really the same as the vQIuje1XDmK/ that is in the UNIX passwd database.
I guess you could turn off encrypted passwords if you really wanted to,
but thats not really a good fix.
>
> regards,
> marc
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
More information about the samba
mailing list