[Samba] password ldap clarification requested...

Adam Tauno Williams awilliam at whitemice.org
Sun Feb 6 20:14:05 GMT 2005


> I would like to know if the following statements are true, just to make 
> sure that my understanding of passwords/ldap stuff is correct...
> Vampiring passwords from an NT4 PDC only populates the ldap server with 
> windows passwords, and not the (linux) userPassword. 

Yes.

> Authenticating 
> linux logons against this ldap server is therefore only possible using 
> winbind.

Not entirely true.

> 'Normal' ldap enabled software can NOT authenticate against this ldap, 
> because they expect a userPassword, and by simply vampiring this 
> password is left blank.

Yes, but recent OpenLDAP servers support authenticating binds against a
LANMAN hash.

> The "ldap passwd sync = yes" smb.conf option makes sure that when 
> updating the 'windows' password (via idealx scripts, for example) the 
> (linux) userPassword gets updated as well.

Yep, via password-modify extended operation.

> So: suppose I migrate our domain to samba, and on the first samba day, I 
> set all accounts to 'required to change password upon first login' I 
> would end up having new passwords for everybody, both for windows and 
> linux. 

Yes.

> And all normal ldap enabled software would then be able to use 
> that ldap directory to authenticate to.

Yes.

> Are these assumptions correct? Thanks very much for feedback.

More or less.
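To see which accounts are in the state discussed in this thread, the following added example (not part of the original post or of Samba) audits an LDIF export for entries that carry Samba hashes but no userPassword, and for entries that still hold a LANMAN hash. It assumes the Samba 3 LDAP schema attribute names sambaNTPassword and sambaLMPassword; the sample entries and hash values are constructed.

```python
import base64
import re

# Constructed sample export (not from the thread): alice was vampired and has
# only Samba hashes; bob changed his password with "ldap passwd sync = yes".
_PW = base64.b64encode(b"{SSHA}constructed-placeholder").decode()
SAMPLE_LDIF = f"""dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaLMPassword: 0123456789ABCDEF0123456789ABCDEF
sambaNTPassword: FEDCBA9876543210FEDCBA9876543210

dn: uid=bob,ou=People,
 dc=example,dc=org
uid: bob
sambaNTPassword: 00112233445566778899AABBCCDDEEFF
userPassword:: {_PW[:10]}
 {_PW[10:]}
"""
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")  # shape of an LM/NT hash value

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)      # unfold lines continued with one space
    entries, cur = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def audit(entries):
    """Return (uids that cannot simple-bind, uids that still carry an LM hash)."""
    samba = [e for e in entries if "sambantpassword" in e]
    uid = lambda e: e.get("uid", e.get("dn", ["?"]))[0]
    no_bind = [uid(e) for e in samba if not any(e.get("userpassword", []))]
    lm_hash = [uid(e) for e in samba
               if any(HEX32.fullmatch(v) for v in e.get("sambalmpassword", []))]
    return no_bind, lm_hash

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

Accounts in the first list are the ones that need a password change with sync enabled before ordinary LDAP-enabled software can authenticate them.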