ldap lpPassword and ntPassword fields

Matthew Chapman s2232203 at cse.unsw.edu.au
Tue Dec 15 18:37:32 GMT 1998

Jean Francois Micouleau wrote:
> > ldap database b) transmitted over-the-wire in the clear.
> You want the ldap server on the same machine as the samba server as in NT
> 2000 {:-). In fact the ldap_bind call should be done on the loopback
> interface, ie :
> > this needs to be resolved before this code can go into production.
> remove the ldap host server param from smb.conf and force the
> ldap_bind on

Yep, ok, but some people will want to point Samba at existing LDAP servers
somewhere else. If you recommend replicating to a local LDAP server than
the replication happens in the clear which isn't nice either...

Seeing many people are happy with registry hacks to enable
totally cleartext passwords (not even hashes), I don't think this is such
a big issue. But it's certainly something I would like to look into
improving at some point.


More information about the samba-technical mailing list