Getting OpenLDAP to auth users against sambaNTPassword

[Ronny Bremer]

I have been following (or tried to ;) your discussion regarding a new
way to authenticate to LDAP directories. I think it would be very
helpful to sketch up a little document on how the mechanism works
overall, what the samba server get from the client if he is a not a DC
or what he gets from the requesting server when he is a DC, what he
provides the client with (challenge), what's need to be authenticated
against (NTLM hash) etc.

This would help me and possibly others to get the big picture right and
then we can focus on how to implement that for the various ways of
authentication against the different sources and what
attributes/mechanisms we need. It would also identify the weak parts
speaking of security.

I know all this is available on different sources but a flow chart in a
single place would really help.

You think this would be possible? I would love to contribute whatever I
know of.

Ronny