[Samba] samba with ldap and digest-md5
Tarjei Huse
tarjei at nu.no
Mon Oct 18 15:46:00 GMT 2004
Hi again,
> Also, there is a patch to cyrus-sasl so that cyrus-sasl can use domain
> to check if a user is authenticated. I haven't tested it, but if I've
> understood the patch correctly then the patch may be used to grant
> clients SSO to SASL-enabled services. (Abartlett: yes or no?)
Just for the record: Abartlet answered yes to this question.
Tarjei
> Even if it doesn't do that, you'll get a more secure password exchange
> than just plaintext for those clients.
>
> Also, there's a module for OpenLDAP 2.2.x that makes OpenLDAP take over
> the job of syncing passwords between the different hashes stored in the
> database. It might be worth looking at that.
>
> Tarjei
>
> >
> > Here are relevant details from smb.conf:
> > security = user
> > encrypt passwords = yes
> > smb passwd file = /etc/samba/smbpasswd
> > unix password sync = Yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> > pam password change = yes
> > encrypt passwords = yes
> > smb passwd file = /etc/samba/smbpasswd
> > obey pam restrictions = yes
> > domain master = yes
> > local master = yes
> > domain logons = yes
> > add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
> > delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
> > add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
> > delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
> > set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
> > add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
> > delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'
> >
> > passdb backend = ldapsam:ldaps://newser1.cpc.net.au smbpasswd guest
> > ldap admin dn = uid=administrator,ou=System,ou=People,dc=cpc
> > ldap port = 389
> > ldap suffix = dc=cpc
> > ldap machine suffix = ou=Hosts,ou=System
> > ldap user suffix = ou=People
> > ldap group suffix = ou=Group
> > ldap machine suffix = ou=Hosts,ou=System
> > ldap user suffix = ou=Utiba,ou=People
> > ldap group suffix = ou=grpUtiba,ou=Group
> >
> > smb.log :
> > ldap_connect_system: Binding to ldap server ldaps://newser1.cpc.net.au as
> > "uid=administrator,ou=System,ou=People,dc=cpc"
> > [2004/10/19 01:54:31, 2] lib/smbldap.c:smbldap_connect_system(796)
> > failed to bind to server with dn=
> > uid=administrator,ou=System,ou=People,dc=cpc Error: Invalid credentials
> >
> > Regards,
> >
> > Ben
> >
> >
> --
> Tarjei Huse <tarjei at nu.no>
>
--
Tarjei Huse <tarjei at nu.no>