[Samba] Samba to Kerberos via OpenLDAP
Eduardo Sachs
edu.sachs at gmail.com
Sat Mar 8 09:24:54 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wes Modes,
Look this howto about Kerberized OpenLDAP, Samba PDC and Squid:
http://eduardosachs.org/mediawiki/index.php?title=Heimdal_Kerberos_%2B_Samba_PDC_%2B_OpenLDAP_%2B_Squid_no_Debian_Etch
But, it's only portuguese :(
[]'s
Wes Modes escreveu:
> First, I'll just say this is a question principally about the arcane
> mysteries of Samba to OpenLDAP authentication.
> I've had Samba to OpenLDAP authentication running for a while now using
> the samba.schema and the ldapsam module. Now I'd like to understand a
> bit more about how that works in order to take it a step further and get
> openLDAP to bind against a Kerberos database via SASL.
>
> An aside; Yes, I'd heard that Samba can be configured to authenticate
> against Kerberos directly, but for my own reasons, I'd prefer that Samba
> talk only to OpenLDAP, and OpenLDAP can do the authentication. I'll
> fall back on the Samba to Kerberos direct route if I can't find a way to
> do what I want.
>
> I've noted that the Samba schema and smbldap-tools add to the user
> record two Samba specific password fields, sambaNTPassword and
> sambaLMPassword.
> If I have the ldapsam module specified as the passdb backend in
> smb.conf, is OpenLDAP merely storing the samba passwords while Samba
> does the password comparisons? Or does OpenLDAP do the authentication
> and return a yes or no?
>
> Is it possible to have Samba defer authentication to OpenLDAP? If so, I
> can have OpenLDAP use the {SASL} method to do authentication via kerberos.
>
> Wes
>
- --
Eduardo Sachs
(51) 9262-3803
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH0ltmKB6+7l7CbHURAlb9AJ9J8DX8CeV9YLsRbIcCspP2oI3T3ACgqpQ4
KGpIQrpWdxbZaO4TvPXERVA=
=6OOw
-----END PGP SIGNATURE-----
More information about the samba
mailing list