[Samba] Sync password (with MIT-kerberos server) and migration
FM
dist-list at lexum.umontreal.ca
Mon Jan 17 13:17:03 GMT 2005
Hello turbo,
It's funny that you help me in all mailing List connected to ldap as a
backend ;-)
Yes my LDAP server is openldap.
Because I use your how-to, my UserPassword is : {SASL}principal at REALM
And It is working because I can use simple bind to do a ldapsearch.
Sorry but I do not understand :
> Use userPassword: {SASL}principal at REALM
> then ldap will 'ask' the KDC, and samba don't have to care...
Correct me if I am wrong but : UserPassword is for unix password right ?
Can samba use UserPassword (so in my case, sasl, so kerberos password) to
authenticate the user ?
Thanks,
FM
On 17/01/05 03:30, "Turbo Fredriksson" <turbo at bayour.com> wrote:
>>>>>> "FM" == FM <dist-list at lexum.umontreal.ca> writes:
>
> FM> Now, LDAP /KERBEROS is replacing NIS and Samba (with ldap
> FM> backend) will replace the local backend .
>
> Is your LDAP server by any chance OpenLDAP? If not, my examples probably
> won't work...
>
> FM> 2- Because Samba can not use MIT-Kerberos for password (as far
> FM> as I know)
>
> Don't know if this is true, but it doesn't matter. Use
> userPassword: {SASL}principal at REALM
> then ldap will 'ask' the KDC, and samba don't have to care...
>
> FM> When user from Windows want to change his password,
> FM> samba will use a custom script (not created yet ) to also so
> FM> update the Kerberos password (if you have examples they're
> FM> more then welcome).
>
> With some additional tests around this, all you need is a one liner:
>
> kadmin -q "cpw -pw secret principal"
>
> FM> But the big problem is Linux users : If
> FM> they want to update they password, they use kpasswd but it
> FM> will not update samba password.
>
> As said above, using {SASL}, that doesn't matter...
>
>
> Please have a look at http://www.bayour.com/LDAPv3-HOWTO.html. It's
> old, but there should be SOMETHING in there for you...
More information about the samba
mailing list