ldap lpPassword and ntPassword fields

Matthew Chapman s2232203 at cse.unsw.edu.au
Tue Dec 15 18:37:32 GMT 1998


Jean Francois Micouleau wrote:
 
> > ldap database b) transmitted over-the-wire in the clear.
> 
> You want the ldap server on the same machine as the samba server as in NT
> 2000 {:-). In fact the ldap_bind call should be done on the loopback
> interface, ie : 127.0.0.1
>  
> > this needs to be resolved before this code can go into production.
> 
> remove the ldap host server param from smb.conf and force the
> ldap_bind on 127.0.0.1

Yep, ok, but some people will want to point Samba at existing LDAP servers
somewhere else. If you recommend replicating to a local LDAP server then
the replication happens in the clear which isn't nice either...

Seeing many people are happy with registry hacks to enable
totally cleartext passwords (not even hashes), I don't think this is such
a big issue. But it's certainly something I would like to look into
improving at some point.

	Matt

