Getting OpenLDAP to auth users against sambaNTPassword
rbremer at future-gate.com
Fri Jun 20 06:09:46 GMT 2003
in principle, what you can do is to pass on an NTLM password hash and
it will be compared with the stored value in the LDAP directory. As you
don't have the clear text password, you can't use a simple bind, so SASL
is the way to go. You provide the hash and NMAS will verify it. To add
to the confusion, there are also attributes defined for the NTPassword
and LMPassword hash values, whcih can be used to authenticate the user
without having the clear text passwords. These are updated automatically
if you perform a password change.
I will try to dig a better description up for you.
>>> Andrew Bartlett <abartlet at samba.org> 19.06.2003 08:22:32 >>>
On Thu, 2003-06-19 at 16:16, Ronny Bremer wrote:
> Which would also work when talking to Novell eDirectory. They have
> something called Novell Modular Authentication Services, so we can
> the NTLM hash straight to them and they will compare, works as a
> bind method via LDAP.
Is this for authenticating other things on Novell, Samba against
or Novell against samba's attribute in the Novell directory?
I'm a bit confused which interface this is.
For authenticating Samba users (domain logins/cifs connections), we
to do more than pass off the NTLM challenge-response - we need data
like the session key, and need to deal with NTLMv2 etc.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical