[Samba] Help with Samba (net vampire) not pulling passwords into openLDAP backend - fails pam_ldap authentication - pam_unix used instead ?

Andrew Bartlett abartlet at samba.org
Sat Jan 8 20:51:47 GMT 2005


On Fri, 2005-01-07 at 23:01 -0500, Franciszek Michal Misa wrote:
> Hi All,
> 
> Hope someone here can help me ?
> 
> *See end for background and system information...
> 
> 
> I'm looking for advice or links to clear documentation on the use and
> configuration of "net vampire" and it's ability to download PDC accounts
> with passwords intact.
> 
> I have successfully used "net vampire" to synchronize my Samba BDC --
> with my companies PDC.  I've switched my linux box authentication --
> using "authconfig" -- to authenticate against LDAP.
> 
> Seems to be working for all but accounts "net vampired" over.....

The one thing that the 'vampire' process will not do is return the
plaintext password.  This means that Samba cannot set the 'ldap
password'.  Your options are to use pam_winbind on your local machine,
and authenticate local users against Samba, which then works against the
NT and LM passwords we do have, or to use the Heimdal Krb5 snapshot
described in 
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
and pam_krb5.

Or you can try and have pam_ldap -> OpenLDAP -> SASL PLAIN -> PAM ->
pam_winbindd -> winbindd -> OpenLDAP...

Yes, I know this sucks, and I've tried to have discussions with the
OpenLDAP folks about how we could have OpenLDAP authenticate against
these passwords in a sensible way, and the infrastructure was simply not
up to it.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050109/026e3c91/attachment.bin


More information about the samba mailing list