Getting OpenLDAP to auth users against sambaNTPassword

Andrew Bartlett abartlet at
Thu Jun 19 10:21:20 GMT 2003

On Thu, 2003-06-19 at 19:45, Volker Lendecke wrote:
> On Thu, Jun 19, 2003 at 07:00:45PM +1000, Andrew Bartlett wrote:
> >  - We can't do an LDAP bind the authenticate the user, even to an
> > NTLMSSP aware server.
> Just curious: Wouldn't it be possible to implement the protocol ideas we use
> against a NT DC in LDAP extensions? Or simply use SSL and send our chosen
> challenge to the LDAP server along with the bind request?

We could write an auth plugin to do it, certainly.  We still need part
of the LM hash for some of the password change stuff, but that was one
of the ideas behind the auth subsystem.

To act as a DC however, we need to be able to specify the challenge and
response, as you note.  I'm not sure it gains us anything, but we
certainly could do it.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list