[Samba] Samba server authenticating to NetWare server?

Chris Richardson Chris.Richardson at icr.ac.uk
Wed Sep 22 13:18:01 GMT 2004


>>> Pierre Dinh-van <pierre at tuxfamily.org> 09/21/04 2:42 PM >>>

[About a Samba server authenticating to a Netware server by NDS or LDAP
with encrypted passwords]

> I did it a year ago against a eDirectory server, but I needed to
extend its 
> schema with the samba-nds.schema (that is include in samba).
>
> <...>
>
> If you configure smbd to use LDAP as passdb, there might be no
problem. Samba 
> will read the encrypted password in the samba(NT|LM)Password attribute
of the 
> LDAP entry.

I had thought of using this approach, but there's an organisational
problem to do with levels of trust.  I can get the samba schema
installed on the Netware server with a little persuasion.  But, as I
understand it, the Samba LDAP passdb plugin wants to have an
administrative user in the LDAP database that can change samba-related
attributes for each user.  This would take some political effort for me
to achieve, because the Netware server is run by a different group
within the organisation.

Using PAM modules, I can get linux logins authenticated against the
Netware/LDAP server without having to do anything to it (other than have
POSIX UID and GID information attributes added for each user).  I was
hoping there would be some (secure) way to do this for Samba.  It works
using PAM-Samba modules, but then Samba has to used unencrypted
passwords.  I guess I'm just being optimistic.

Thanks for the comments so far,

Chris


More information about the samba mailing list