[Samba] password ldap clarification requested...
mourik jan c heupink
heupink at intech.unu.edu
Sun Feb 6 19:31:37 GMT 2005
Dear list,
I would like to know if the following statements are true, just to make
sure that my understanding of passwords/ldap stuff is correct...
Vampireing passwords from an nt4 pdc only populates the ldap server with
windows passwords, and not the (linux) userPassword. Authenticating
linux logons against this ldap server is therefore only possible using
winbind.
'Normal' ldap enabled software can NOT authenticate against this ldap,
because they expect a userPassword, and by simply vampireing this
password is left blank.
The "ldap passwd sync = yes" smb.conf option makes sure that when
updating the 'windows' password (via idealx scripts, for example) the
(linux) userPassword get's updated as well.
So: suppose I migrate our domain to samba, and on the first samba day, I
set all accounts to 'required to change password upon first login' I
would end up having new passwords for everybody, both for windows and
linux. And all normal ldap enabled software would then be able to use
that ldap directory to authenticate to.
Are these assumptions correct? Thanks very much for feedback.
Yours,
Mourik Jan
More information about the samba
mailing list