I made Samba talk to my LDAP server :)

Mark Lillywhite mark at tripleg.com
Wed May 6 20:42:12 GMT 1998 

Hi folks

It's been a really long time since I've been on this list, so please excuse me
if I'm butting in... but I thought you'd like to know that all my users can now
use POP, IMAP, login shells and >SAMBA< logins and with the same LDAP password
database! :))

I have implemented a rough LDAP authentication mechanism within smbd. It allows
encrypted authentication by grabbing a cleartext password from the LDAP server.
It works with my Win95 and WinNT workstation clients. I haven't tested it a
hell of a lot, however! :) It's "rough" because there are some parameters
hard-coded into it, and not all errors are checked yet. However, it's working!
If it's popular I will be happy to pass it on.

If anyone has already done this... oops (well I got to learn the LDAP library
anyway ;). But when I searched the archives last week, all I could see were
pleas for assistance, so I just did it.

The mechanism is implemented in a generic way, so any cleartext password store
could potentially be used. I'm sure samba team members could probably find a
better way to do this, but I just went ahead and did it anyway HAHA! While I
understand that storing cleartext passwords is Bad, I made the observation that
(a) it's not much better than in /etc/smbpasswd and (b) it's the only reliable
way of ensuring that ALL encryption methods will work, into the future. LDAP
will be used for more than just SMB authentication, after all. Anyway, I'm not
terribly interested in a big debate about that. The LDAP server has sufficient
security measures for my purposes. (I'm using the UofM LDAP server BTW)

If anyone is interested in this, please contact me. I'm particularly interested
in talking with some samba developers, in the off chance that they're
interested in this, and so I can get some feedback on better ways to go about
it. I haven't got any patches yet, I would like to be able to put some
parameters into the smb.conf file, but I haven't figured out how to do that,
yet. I did this under 1.9.18p4. It also doesn't currently support password
changing, though that should be pretty easy actually.

So, please let me know if this is useful to anyone!

Regards,
Mark

-- 
Where do you want to go today, boy?

More information about the samba mailing list