[Samba] Failed to retrieve password from secrets.tdb with anonymous bind

Richard Foltyn richard.foltyn at gmail.com
Wed Sep 10 06:41:19 GMT 2008


Why don't you just *create* a dedicated samba DN in LDAP which Samba
can use? This is a much more secure setup than granting read or even
write access to passwords to unauthenticated external connections.

The official smbldap-tools HOWTO even suggests how to do this:

1) Create an LDAP entry which might look like this:

dn: cn=samba,ou=DSA,dc=IDEALX,dc=ORG
objectClass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: sambasecretpwd
cn: samba

2) Set the password:
ldappasswd -x -h localhost -D "cn=Manager,dc=IDEALX,dc=ORG" -s sambasecretpwd \
-W cn=samba,ou=DSA,dc=IDEALX,dc=ORG

3) Set your ldap admin dn in smb.conf

4) Set the samba password with smbpasswd

Done.

(See the HOWTO for details:
http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/ )
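
The access-control side of this setup, as an added example that is not part of the original post or of the HOWTO it cites: a slapd.conf ACL sketch in which the dedicated Samba DN can write the password attributes while unauthenticated connections can only authenticate. It assumes OpenLDAP with slapd.conf-style configuration and the samba.schema attribute names sambaLMPassword and sambaNTPassword; the DN is the one from step 1.

```conf
# slapd.conf fragment (added example; assumes OpenLDAP and samba.schema).
# slapd uses the first "access to" clause that matches the target, and
# within it the first matching "by" line, so the password rule must come
# before any broader rule.

# Weak setting the post argues against: every client, including an
# anonymous bind, can read the stored password hashes.
#
#   access to attrs=userPassword,sambaLMPassword,sambaNTPassword
#       by * read

# Corrected setting: only the dedicated Samba DN (and the entry's owner)
# can touch the password attributes.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by dn.exact="cn=samba,ou=DSA,dc=IDEALX,dc=ORG" write
    by self write
    # "auth" lets slapd compare the password during a simple bind, which
    # the cn=samba entry itself needs, but never returns the value.
    by anonymous auth
    by * none

# Everything else: Samba maintains user, group and machine entries, so it
# needs write access; other clients get read access to non-password data.
access to *
    by dn.exact="cn=samba,ou=DSA,dc=IDEALX,dc=ORG" write
    by * read
```

With rules like these in place, an anonymous search against a user entry should come back without the three password attributes, which is a quick way to confirm the ACL order is right.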

