[Samba] samba + openldap + kerberos + pam
abartlet at samba.org
Sat Aug 26 11:26:07 GMT 2006
On Wed, 2006-08-23 at 11:30 -0400, Karen R McArthur wrote:
> RedHat enterprise v4
> openldap 2.2.13-4
> cyrus-sasl 2.1.19-5.EL4
> samba 3.0.10-1.4E.9
> krb-libs 1.3.4-27
> server1: openldap and kerberos server
> server2: samba server
> We have openldap working as posix source for all of our *nix logins -
> with passwords stored in kerberos accessed via sasl.
> We have an exiting samba server running on redhat for macintosh/windows
> user access to network storage. Our passwords are stored in smbpasswd.
> Access works fine in this configuration.
> We would like to centralize this authentication and have samba read it's
> passwords from ldap/kerberos.
> I assume the errors are because I do not have sambaLMPassword or
> sambaNTPassword stored in my ldap database. I do not want to do this.
> How do I set up samba to read all access from pam (as in the smbclient)
> and not require storage of passwords in ldap?
The only way not to duplicate the password info is to have the KDC use
the Samba passwords. It is *not possible* to use encrypted passwords
(which these clients expect) and PAM.
Heimdal can read the Samba password database, and I have operated a site
on this basis.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060826/8f190604/attachment.bin
More information about the samba