Getting OpenLDAP to auth users against sambaNTPassword

Andrew Bartlett abartlet at samba.org
Thu Jun 19 06:10:48 GMT 2003


(resending, now I'm subscribed to OpenLDAP-devel...)

As an OpenLDAP user, and Samba developer, I'm hoping we can come to some
solution to this problem:

Samba users are forced to keep two different passwords in their
directory, when just one would do.  OpenLDAP is not doing
challenge-response authentication, and does not need the plaintext
password (for simple and PLAIN binds, at least).

I note with interest that there is a {LANMAN} password type available
for the userPassword attribute, but this does not quite meet the
requirements - for one thing it is case *INSENSITIVE*, which makes the
whole thing much weaker.  Secondly, it's on the wrong attribute...  

(Samba does not update this attribute, only its own attributes).

Would it be possible to resolve this situation, for all our admins'
sanity?  

I would propose (for want of a better solution) a value of
{NTPASSWORD}sambaNTpassword to tell OpenLDAP to look at Samba's
attribute for the user's password.

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net