Samba with LDAP or Kerberos Backend
rapatel at optonline.net
Wed Jun 2 01:21:04 GMT 2004
Dhruv, are you using pam_krb5 for LDAP to authenticate using Kerberos for
interactive LDAP binds where the user sends a DN and password to bind to
If your goal is to ensure a single user/password authentication and you
using Kerberos, then you may wish to consider simply using Kerberos for
LDAP (I assume
OpenLDAP?) authenticaiton and for Samba authentication. [If the LDAP
only use SASL/TLS or SSL, then the password would need to be sent to the
and the server will have to use Kerberos authentication via PAM or other
I would avoid using LDAP authentication if you are already using
Kerberos. It is much
safer to attempt to use kerberos keys accross the board if you can, but
all the clients you use must support Kerberos (preferably through GSSAPI).
Hope I haven't confused you any further.
Dhruv Soi wrote:
>I have configured LDAP with pam module to authenticate user accounts, where
>LDAP is using kerberos database in the backend. Could anyone suggest me how
>it is possible with samba. My only requirement is that
>1. Samba Passwords should be same as user passwords. And user can change
>that by sitting on windows terminal and Samba should not work as PDC.
> a.. Either i can do if theres any option that ldap's lmPassword and
>ntPassword should match value in userPassword schema.
> b.. Samba could fetch same userdatabase that ldap is fetching i.e. from
>kerberos either using ldap or by its own.
>Any help would be highly appreciated.
>I have configured samba with ldap backend but when a user change password he
>could not do it for samba and local account in one shot. Either i have to
>write script ro whatever but i think any of the above solutions should also
>PS: I am fed up by making all sort of Research. Please Help!!!
More information about the samba-technical