[Samba] Newbie: SAMBA, LDAP, Kerberos as password Database
pieter.thysebaert at ugent.be
pieter.thysebaert at ugent.be
Mon Sep 27 13:24:58 GMT 2004
Hello people,
We are thinking of an infrastructure overhaul, and I have the following
question.
Currently, we use Samba to serve files to Windows 2000 and XP clients.
I am by no means a Windows/Samba expert, but from a user perspective it means
that one can
a. Map a network drive under Windows, specifying the correct username/password
pair
b. use smbmount under Linux to do the same thing.
As it is now, we have a Samba password database which is separated from our
unix password database (NIS)
This is where we might want to go:
1. We want to deploy MIT Kerberos 5, and we want the Kerberos password
database to be the ONLY password database.
2. User accounts: posixAccount+sambaAccounts in OpenLDAP.
3. configure openLDAP to recognize {SASL} passwords and authenticate through
Kerberos.
4. Block write access to all password fields in the OpenLDAP tree. (only
Kerberos password should be writable using the kpasswd tool)
My main question is: using Samba 3.x and ldap_sam, can one use password-based
authentication against the Kerberos password database by simply entering a
{SASL} type value in the sambaLMPassword and NTPassword fields in LDAP?
Pieter
More information about the samba
mailing list