[Samba] password ldap clarification requested...

mourik jan c heupink heupink at intech.unu.edu
Sun Feb 6 19:31:37 GMT 2005


Dear list,

I would like to know if the following statements are true, just to make 
sure that my understanding of passwords/ldap stuff is correct...

Vampireing passwords from an nt4 pdc only populates the ldap server with 
windows passwords, and not the (linux) userPassword. Authenticating 
linux logons against this ldap server is therefore only possible using 
winbind.

'Normal' ldap enabled software can NOT authenticate against this ldap, 
because they expect a userPassword, and by simply vampireing this 
password is left blank.

The "ldap passwd sync = yes" smb.conf option makes sure that when 
updating the 'windows' password (via idealx scripts, for example) the 
(linux) userPassword get's updated as well.

So: suppose I migrate our domain to samba, and on the first samba day, I 
set all accounts to 'required to change password upon first login' I 
would end up having new passwords for everybody, both for windows and 
linux. And all normal ldap enabled software would then be able to use 
that ldap directory to authenticate to.

Are these assumptions correct? Thanks very much for feedback.

Yours,
Mourik Jan


More information about the samba mailing list