[Samba] Insecure smbpasswd with ldap ??

Andrew Bartlett abartlet at samba.org
Wed Apr 23 15:12:25 GMT 2003

On Thu, 2003-04-24 at 01:00, Gregory Hinton Nietsky wrote:
> hi there i have recently moved all users to LDAP and incorporated the
> Samba schema i have allocated servers read only access to the data
> except for what is required ie lmpass ... ntpass .. what disturbs me is
> that smbpasswd demands write access to
> uid,rid,primarygroup,cn,displayname i would rather it did not do this i
> fully understand why samba requires write access to other attr's in fact
> in my config these are read only except for servers ...
> im going to be hacking away at the code to change this and was hopeing
> someone out there would agree in the logic that samba should write to as
> little as posible ...

Samba 3.0 now makes minimal possible change.  But as smbclient must
modify password values, most people just give it manager credentials.

Andrew Bartlett
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030424/73dbf117/attachment.bin

More information about the samba mailing list