[Samba] Sync password (with MIT-kerberos server) and migration

Turbo Fredriksson turbo at bayour.com
Mon Jan 17 08:30:04 GMT 2005

>>>>> "FM" == FM  <dist-list at lexum.umontreal.ca> writes:

    FM> Now, LDAP/KERBEROS is replacing NIS and Samba (with ldap
    FM> backend) will replace the local backend.

Is your LDAP server by any chance OpenLDAP? If not, my examples probably
won't work...

    FM> 2- Because Samba can not use MIT-Kerberos for password (as far
    FM> as I know)

Don't know if this is true, but it doesn't matter. Use
      userPassword: {SASL}principal@REALM
then ldap will 'ask' the KDC, and samba doesn't have to care...

    FM> When a user from Windows wants to change his password,
    FM> samba will use a custom script (not created yet) to also
    FM> update the Kerberos password (if you have examples they're
    FM> more than welcome).

With some additional tests around this, all you need is a one liner:

    kadmin -q "cpw -pw secret principal"

    FM> But the big problem is Linux users: If
    FM> they want to update their password, they use kpasswd but it
    FM> will not update samba password.

As said above, using {SASL}, that doesn't matter...

Please have a look at http://www.bayour.com/LDAPv3-HOWTO.html. It's
old, but there should be SOMETHING in there for you...
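
Added example, not part of the original post: one way to put the "additional tests" around the kadmin one-liner, so that a user-supplied name or password cannot change the query kadmin receives. The function names, the KADMIN variable, the --apply switch and the stdin calling convention are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the kadmin one-liner with
# input checks so a user-supplied name or password cannot alter the query.
LC_ALL=C; export LC_ALL

# Accept only a conservative principal name (assumed site policy).
valid_principal() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
}

# Reject empty passwords and any containing a double quote, a backslash or a
# control character (newline included), which could break the quoted token.
valid_password() {
    [ -n "$1" ] || return 1
    [ "$(printf '%s' "$1" | tr -d '[:cntrl:]"\\')" = "$1" ]
}

# Print the kadmin query; the password is double-quoted so spaces survive
# (assumes kadmin's query parser treats a double-quoted token as one argument).
build_cpw_query() {
    valid_principal "$1" || return 2
    valid_password "$2" || return 3
    printf 'cpw -pw "%s" %s' "$2" "$1"
}

# Run the change. KADMIN is a hypothetical override used for dry runs.
# Note: -pw places the password in kadmin's argv, so it is visible in the
# process list of the host that runs this script.
sync_krb_password() {
    query=$(build_cpw_query "$1" "$2") || return $?
    "${KADMIN:-kadmin}" -q "$query"
}

# Entry point: user name as argument, new password on stdin (assumed calling
# convention; the post does not say how Samba hands the password over).
if [ "${1:-}" = "--apply" ]; then
    IFS= read -r pw || exit 1
    sync_krb_password "$2" "$pw"
fi
```

Running it with KADMIN=echo prints the arguments kadmin would receive without contacting the KDC.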
