[Samba] Samba server authenticating to NetWare server?
Chris Richardson
Chris.Richardson at icr.ac.uk
Wed Sep 22 13:18:01 GMT 2004
>>> Pierre Dinh-van <pierre at tuxfamily.org> 09/21/04 2:42 PM >>>
[About a Samba server authenticating to a Netware server by NDS or LDAP
with encrypted passwords]
> I did it a year ago against a eDirectory server, but I needed to
extend its
> schema with the samba-nds.schema (that is include in samba).
>
> <...>
>
> If you configure smbd to use LDAP as passdb, there might be no
problem. Samba
> will read the encrypted password in the samba(NT|LM)Password attribute
of the
> LDAP entry.
I had thought of using this approach, but there's an organisational
problem to do with levels of trust. I can get the samba schema
installed on the Netware server with a little persuasion. But, as I
understand it, the Samba LDAP passdb plugin wants to have an
administrative user in the LDAP database that can change samba-related
attributes for each user. This would take some political effort for me
to achieve, because the Netware server is run by a different group
within the organisation.
Using PAM modules, I can get linux logins authenticated against the
Netware/LDAP server without having to do anything to it (other than have
POSIX UID and GID information attributes added for each user). I was
hoping there would be some (secure) way to do this for Samba. It works
using PAM-Samba modules, but then Samba has to used unencrypted
passwords. I guess I'm just being optimistic.
Thanks for the comments so far,
Chris
More information about the samba
mailing list