[Samba] LDAP + samba + unix authentication
Beast
indorama at rad.net.id
Thu Jan 15 04:45:05 GMT 2004
On Wed, 14 Jan 2004 13:16:37 -0800
Adalid Bruno <adalidb at sco.com> wrote:
> Hi,
> After a lot of trial and error I managed to get ldap + samba 3 running.
> Samba now authenticates through ldap. But somehow the difference between
> a unix and a samba login still exists.
>
> I use smbldap-useradd.pl to create an ldap entry. There are two options:
> With the "-a" option the entry contains the objectClass
> "sambaSamAccount", and a lot of Windows related attributes.
> Without the mentioned option, the program creates an entry with
> objectClass "posixAccount" and the normal nss attributes.
>
> Through smb.conf I have defined smbpasswd to use smbldap-useradd.pl to
> update the passwd in the ldap directory.
>
> So, now I still have to have two entries per user in the ldap directory
What do you mean with 2 entries? 2 separate dn?
Why not putting on same entry?
> because with the sambaSamAccount userPasswd is {SHA}encrypted and with
> the posixAccount the userPasswd is {CRYPT} encrypted. Though two entries
Afaik, no userPasswd in samba schema, from where you got it?
> in LDAP is much more maintainable than anything I have seen before, I
> still have the idea that things can be solved more gracefull, with one
> entry and an automised password sync between unix and samba.
>
> Any suggestions?
Since you're using custom scenario, you have to made customs "passwd program" to update both entries.
Don't forget to set "unix password sync" to yes.
>
> ****
> Robert,
>
> Have you tried SCO Vintella for the password authentication?
No, thank you :-)
--beast
More information about the samba
mailing list