[Samba] Failed to retrieve password from secrets.tdb with
anonymous bind
Dr. Alberto Benati
benati at economia.unife.it
Wed Sep 10 07:34:37 GMT 2008
I see to clarify the context.
Everything is inside an intranet 10.X.X.X of my University and
OpenFiler (Samba / Proftpd) server must act as file server for many users
(about 100) against about 1000 total.
Authentication (with user password) is on University LDAP server.
If I create a local LDAP I must then provide a synchronization (account /
password) with University LDAP server that I can not manage/access/retrieve (I
have an anonymous bind only).
Subsequently testing (for security) I use tls for dialogue with University LDAP.
My problem that I can not do work Samba on LDAP authentication without
administration
Alberto
---------- Original Message -----------
From: "Richard Foltyn" <richard.foltyn at gmail.com>
To: samba at lists.samba.org
Sent: Wed, 10 Sep 2008 08:41:19 +0200
Subject: Re: [Samba] Failed to retrieve password from secrets.tdb with
anonymous bind
> Why don't you just *create* a dedicated samba DN in LDAP which Samba
> can use? This is a much more secure setup than granting read or even
> write access to passwords to unauthenticated external connections.
>
> The official smbldap-tools HOWTO even suggests how to do this:
>
> 1) Create an LDAP entry which might look like this:
>
> dn : cn=samba , ou=DSA, dc=IDEALX, dc=ORG
> objectclass : organizationalRole
> objectClass : top
> objectClass : simpleSecurityObject
> userPassword : sambasecretpwd
> cn : samba
>
> 2) Set the password:
> ldappasswd -x -h localhost -D "cn=Manager,dc=IDEALX,dc=ORG" -s
> sambasecretpwd \ -W cn=samba,ou=DSA,dc=IDEALX,dc=ORG
>
> 3) Set you ldap admin dn in smb.conf
>
> 4) Set the samba password with smbpasswd
>
> Done.
>
> (See the HOWTO for details:
> http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/ )
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
------- End of Original Message -------
More information about the samba
mailing list