Samba-tng PDC- OpenLDAP - Password sync Working
Jody Haynes
Jody.Haynes at isunnetworks.com
Tue Sep 19 16:29:04 GMT 2000
I just wanted to post this to let everyone know that I got the following working:
1) Samba-TNG-2.6 as a PDC for Win2K, WinNT and Win98 clients
2) Password sync with Samba using OpenLDAP
3) Linux clients authenticating off of OpenLDAP using pam_ldap and nss_ldap.
4) pam_ldap/nss_ldap encrypted with the use of stunnel
Here is the following configuration information:

smb.conf file:

ldap suffix = "<LDAP Suffix>"
ldap bind as = "<LDAP Bind Info>"
ldap port = 389
.
.
.
unix password sync = yes
passwd program = /usr/local/samba/bin/ldapsync %u
passwd chat = *New*Password* %n\n *modifying*
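
My ldap sync perl script called ldapsync %u:

#!/usr/bin/perl -w
# Called by Samba as the passwd program: ldapsync %u
use strict;

my $user = $ARGV[0];

# Samba's passwd chat waits for this prompt, then sends the new password (%n).
print "New Password: ";
my $pass = <STDIN>;
chomp $pass;

# Two random characters from the crypt(3) salt alphabet.
my $salt = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];
$pass = crypt($pass, $salt);

# Pipe the LDIF to ldapmodify; its "modifying entry" output satisfies the chat.
open(FILE, "|ldapmodify -D '<LDAP Bind>' -w <LDAP Password>")
    or die "cannot run ldapmodify: $!";
print FILE <<EOF;
dn: uid=$user, ...ldap suffix...
changetype: modify
replace: userPassword
userPassword: {crypt}$pass
EOF
close FILE;
exit 0;
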
The best reference material to go by is the following URL for samba as a PDC and ldap:
http://www.unav.es/cti/ldap-smb-howto.html
--
Jody Haynes
----------------------------------------
iSun Networks, Inc.
Email: Jody.Haynes at isunnetworks.com
Website: www.isunnetworks.com
----------------------------------------
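
Added example, not part of the original post or of Samba-TNG: a Python version of the same passwd-program step that rejects account names able to alter the dn: line, base64-encodes LDIF values that are not safe strings, stores a salted {SSHA} hash rather than two-character-salt crypt(), and reads the bind password from a file instead of passing it with -w. The function names, the account-name pattern, the choice of {SSHA} and the sample suffix are assumptions.

```python
import base64
import hashlib
import os
import re

# Assumption: account names are limited to this conservative pattern, so no
# DN metacharacter (, + = ") or newline can reach the LDIF dn: line.
UID_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")

def ssha(password, salt=None):
    """OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ldif_attr(name, value):
    """One LDIF line; values that are not RFC 2849 SAFE-STRINGs are base64-encoded."""
    raw = value.encode("utf-8")
    safe = bool(raw) and raw[0] not in b" :<" and raw[-1] != 0x20 and all(
        0 < b < 128 and b not in b"\r\n" for b in raw)
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def build_modify_ldif(uid, suffix, password, salt=None):
    """LDIF that replaces userPassword for uid=<uid>,<suffix>."""
    if not UID_RE.fullmatch(uid):
        raise ValueError(f"refusing unsafe account name: {uid!r}")
    return "\n".join([
        ldif_attr("dn", f"uid={uid},{suffix}"),
        "changetype: modify",
        "replace: userPassword",
        ldif_attr("userPassword", ssha(password, salt)),
        "-",
        "",
    ])

def ldapmodify_argv(bind_dn, secret_file):
    """argv for ldapmodify: -y reads the bind password from a file, so it is
    not exposed in the process list the way a -w argument is."""
    return ["ldapmodify", "-x", "-D", bind_dn, "-y", secret_file]

if __name__ == "__main__":
    # Constructed sample values; the suffix is a placeholder.
    print(build_modify_ldif("jdoe", "ou=People,dc=example,dc=com", "correct horse"))
```

The LDIF string is meant to be written to the standard input of the command returned by ldapmodify_argv, in place of the shell pipe in the Perl script.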