[Samba] Can't use Encrypted Passwords with ldapsam backend

[James R. Phillips]

James R. Phillips wrote:
> Hello samba mailing list,
>
> I'm using samba 3.0.24 on a home server running Debian etch.  The server
> handles authentication and provides samba file shares for a small home
> network of Linux machines.  I recently changed basic login
> authentication from NIS to kerberos/ldap for the clients. I then decided
> to switch samba over on the server to use the new ldap authentication
> backend.
>
> The [global] section of smb.conf looks like this:
> ============
> [global]
>        workgroup = PHILLIPS.ORG
>        dns proxy = No
>        username map = /etc/samba/user.map
> # The whole objective of using ldap was to set this true;
> # but it seems to cause samba to choke.  Is ldap ssl
> # required if this is set true?  Doesn't seem likely.
> # http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf
> # shows an example with encrypted passwords and without tls
> #
>        encrypt passwords = false
> #
>        server string = %h server (Samba %v)
>        wins support = Yes
>        master = Yes
>        browseable = Yes
>        passdb backend = ldapsam
>        obey pam restrictions = yes
>        ldap suffix = dc=localnet
>        ldap admin dn = cn=admin,dc=localnet
> ============
>
> Note that passwords are not encrypted.
> This is  because samba authentication always fails for all clients when
> I set "encrypt passwords" to "true". It works fine without encryption.
> As the comments in the file indicate, I wondered whether ldap ssl is
> required to support encrypted passwords, but that doesn't seem to be the
> case.  So I don't know why I can't successfully enable encrypted 
> passwords.
>
> Can anyone shed some light on this?
>
> Thanks
>
> James R. Phillips
>
>
[Bump]

Can anyone help on this issue? No replies to original message.

Thanks

Jim P