[Samba] Sync password (with MIT-kerberos server) and migration
Turbo Fredriksson
turbo at bayour.com
Mon Jan 17 08:30:04 GMT 2005
>>>>> "FM" == FM <dist-list at lexum.umontreal.ca> writes:
FM> Now, LDAP /KERBEROS is replacing NIS and Samba (with ldap
FM> backend) will replace the local backend .
Is your LDAP server by any chance OpenLDAP? If not, my examples probably
won't work...
FM> 2- Because Samba can not use MIT-Kerberos for password (as far
FM> as I know)
Don't know if this is true, but it doesn't matter. Use
userPassword: {SASL}principal at REALM
then ldap will 'ask' the KDC, and samba don't have to care...
FM> When user from Windows want to change his password,
FM> samba will use a custom script (not created yet ) to also so
FM> update the Kerberos password (if you have examples they're
FM> more then welcome).
With some additional tests around this, all you need is a one liner:
kadmin -q "cpw -pw secret principal"
FM> But the big problem is Linux users : If
FM> they want to update they password, they use kpasswd but it
FM> will not update samba password.
As said above, using {SASL}, that doesn't matter...
Please have a look at http://www.bayour.com/LDAPv3-HOWTO.html. It's
old, but there should be SOMETHING in there for you...
--
jihad fissionable domestic disruption smuggle Saddam Hussein munitions
767 Kennedy plutonium PLO spy assassination Ft. Bragg Ft. Meade subway
[See http://www.aclu.org/echelonwatch/index.html for more about this]
More information about the samba
mailing list