[Samba] samba with ldap and digest-md5

Tarjei Huse tarjei at nu.no
Mon Oct 18 15:46:00 GMT 2004


Hi again,
> Also, there is a patch to cyrus-sasl so that cyrus-sasl can use domain
> to check if a user is authenticated. I haven't tested it, but if I've
> understood the patch correctly then the patch may be used to grant
> clients SSO to SASL-enabled services. (Abartlett: yes or no?)
Just for the record: Abartlet answered yes to this question.

Tarjei
> Even if it doesn't do that, you'll get a more secure password exchange
> than just plaintext for those clients.
> 
> Also, there's a module to Openldap 2.2.x that makes Openldap take over
> the job of syncing passwords between the different hashes stored in the
> database. It might be worth looking at that.
> 
> Tarjei
> 
> > 
> > Here are relevant details from smb.conf:
> >    security = user
> >    encrypt passwords = yes
> >    smb passwd file = /etc/samba/smbpasswd
> >    unix password sync = Yes
> >    passwd program = /usr/bin/passwd %u
> >    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> >    pam password change = yes
> >   encrypt passwords = yes
> >   smb passwd file = /etc/samba/smbpasswd
> >   obey pam restrictions = yes
> >   domain master = yes
> >   local master = yes
> >   domain logons = yes
> > add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
> > delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
> > add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
> > delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
> > set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
> > add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
> > delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'
> > 
> > passdb backend = ldapsam:ldaps://newser1.cpc.net.au smbpasswd guest
> > ldap admin dn = uid=administrator,ou=System,ou=People,dc=cpc
> > ldap port = 389
> > ldap suffix = dc=cpc
> > ldap machine suffix = ou=Hosts,ou=System
> > ldap user suffix = ou=People
> > ldap group suffix = ou=Group
> > ldap machine suffix = ou=Hosts,ou=System
> > ldap user suffix = ou=Utiba,ou=People
> > ldap group suffix = ou=grpUtiba,ou=Group
> > 
> > smb.log :
> >   ldap_connect_system: Binding to ldap server ldaps://newser1.cpc.net.au as "uid=administrator,ou=System,ou=People,dc=cpc"
> > [2004/10/19 01:54:31, 2] lib/smbldap.c:smbldap_connect_system(796)
> >   failed to bind to server with dn= uid=administrator,ou=System,ou=People,dc=cpc Error: Invalid credentials
> > 
> > Regards,
> > 
> > Ben
> > 
> -- 
> Tarjei Huse <tarjei at nu.no>
> 
-- 
Tarjei Huse <tarjei at nu.no>
