Luke Kenneth Casson Leighton
lkcl at switchboard.net
Sun Jan 17 17:52:24 GMT 1999
On Sun, 17 Jan 1999, Matt Chapman wrote:
> Then again, many people send their smbpasswd files to this list, and that
> contains much more of the same.
smb.conf files, yes: smbpasswd no. oh, you mean to samba at samba.org (which
i'm not on)?
> > matt, we *have* to do something about this.
> Yep, that much I agree with :-)
> Although newer servers do support some cool stuff I think we have very little
> chance of doing any sort of passthrough CIFS authentication against a dumb LDAP
> server; so we will still need to obtain the cleartext-equivalent hashes at the
> Samba server to generate challenge responses there.
you're talking about, effectively, merging a DCE/RPC interface that
accepts NETLOGON NetrSamLogon requests onto an LDAP server, making the
LDAP server the PDC.
> At the moment my best suggestion is to use an encrypting LDAP server or SSL.
can you put SSL hooks into your ldap code easily?
More information about the samba-technical