[Samba] Revisiting Samba's interaction with LDAP's ppolicy overlay
Adam Tauno Williams
adamtaunowilliams at gmail.com
Mon Sep 29 14:14:01 GMT 2008
> >> Some months back, I entertained a conversation with Volker Lendecke,
> >> Adam Tauno Williams, and Simo Sorce about getting Samba to play nice
> >> with LDAP's ppolicy overlay. (Thread starts here:
> >> http://www.mail-archive.com/samba@lists.samba.org/msg92134.html and ends
> >> here: http://www.mail-archive.com/samba@lists.samba.org/msg92214.html)
> >> I was wondering if any progress had been made on this front that would
> >> make the job of maintaining PCI/DSS compliance for Samba PDC shops a bit
> >> more streamlined?
>My workaround was to implement the same security policy in Samba via
> pdbedit, so essentially the LDAP policies were duplicated in Samba.
> Another thread I was involved in back then
> (http://lists.samba.org/archive/samba/2008-April/139594.html) briefly
> describes this. But, again, this is far from the perfect situation of
> having one universal way to enforce password policies, and still has
> it's share of problems.
This is, AFAIK, the only solution currently. We do the same thing. It stinks.
--
Consonance: an Open Source .NET OpenGroupware client.
Contact:awilliam at whitemiceconsulting.com http://freshmeat.net/projects/consonance/
More information about the samba
mailing list