[Samba] Re: Samba 3.0.5 LDAP Question
Alexander E. Patrakov
patrakov at ums.usu.ru
Wed Aug 18 09:08:47 GMT 2004
Jeff Saxton wrote:
> I already have LDAP set up for other purposes and I'm using {MD5}
> passwords in ou=people,dc=mycompany,dc=com
> What are the correct settings in smb.conf?
>
> Is it possible to use stored md5 passwords?
>
> Thanks in advance
SAMBA has to authenticate clients using the information that Windows
provides. And Windows only knows how to provide Windows-specific LM and
NT hashes. This is not a problem since SAMBA stores these hashes in LDAP
and never uses the actual LDAP password. If you want anything else to
authenticate against the LDAP password, you must tell SAMBA to update it as
well by setting "ldap password sync = yes" (but remember, SAMBA never
reads it). Of course some ACLs must be in place on the LDAP server, like these:
access to dn.base=""
    by users read
    by * none
access to dn.base="cn=Subschema"
    by users read
    by * none
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write
    by anonymous auth
    by self write
    by * none
access to attrs=@posixAccount,@posixGroup,ou,entry
    by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write
    by * read
access to *
    by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write
    by self read
    by * none
--
Alexander E. Patrakov
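
Added example (not part of the original message and not Samba code): a small LDIF audit that reports, for each entry, the userPassword scheme and whether a sambaNTPassword value is stored, since the reply above says SAMBA authenticates only against the LM/NT hashes. The function names and the sample entries are constructed for illustration; the check assumes sambaNTPassword holds 32 hexadecimal digits.

```python
import base64

# Constructed sample export; the digests are dummy placeholders.
_MD5 = "{MD5}" + "A" * 22 + "=="
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=mycompany,dc=com",
    "userPassword:: " + base64.b64encode(_MD5.encode()).decode(),
    "",
    "dn: uid=bob,ou=people,",
    " dc=mycompany,dc=com",                      # folded line (RFC 2849)
    "userPassword: " + _MD5,
    "sambaNTPassword: " + "0" * 32,
    "",
])

def parse_ldif(text):
    """Yield one {lowercased attribute: [values]} dict per LDIF entry."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and line.strip() and lines:
            lines[-1] += line[1:]                # join folded continuation
        elif not line.startswith("#"):           # skip comment lines
            lines.append(line)
    entry = {}
    for line in lines + [""]:
        if not line.strip():                     # blank line ends an entry
            if entry:
                yield entry
            entry = {}
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):                 # "attr:: value" is base64
            raw = base64.b64decode(rest[1:].strip())
            value = raw.decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)

def samba_readiness(text):
    """Map dn -> (userPassword scheme or None, has 32-hex sambaNTPassword)."""
    report = {}
    for e in parse_ldif(text):
        if "dn" not in e:                        # e.g. a "version: 1" header
            continue
        pw = e.get("userpassword", [""])[0]
        scheme = pw[1:pw.index("}")] if pw.startswith("{") and "}" in pw else None
        nt = e.get("sambantpassword", [""])[0]
        ok = len(nt) == 32 and all(c in "0123456789abcdefABCDEF" for c in nt)
        report[e["dn"][0]] = (scheme, ok)
    return report
```

Entries reported with False in the second field have an LDAP password but no NT hash stored.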