[Samba] Synchronisation using LDAP

Michael Wood esiotrot at gmail.com
Mon Jul 5 01:03:52 MDT 2010


Sorry, I accidentally did not send my initial reply to the list.

On 5 July 2010 08:26, Jorijn Schrijvershof <jorijn at jorijn.com> wrote:
> On Fri, Jul 2, 2010 at 3:53 PM, Michael Wood <esiotrot at gmail.com> wrote:
>> For a start just try:
>> $ ldapsearch -x -h localhost
>> That should print out a whole bunch of stuff.
>> You can also restrict your search to a certain part of the tree like this:
>> $ ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com
>> (assuming your realm is samba.example.com.)
>> And if you just want their Windows login name, try:
>> $ ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com
>> sAMAccountName
>> If you want to try authenticating to the LDAP server, try:
>> ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com -D
>> CN=Administrator,CN=Users,DC=samba,DC=example,DC=com -W sAMAccountName
>> or like this:
>> $ sudo apt-get install libsasl2-modules-gssapi-heimdal
>> (or libsasl2-modules-gssapi-mit)
>> $ kinit Administrator
>> $ ldapsearch -Y gssapi -h localhost -b
>> CN=Users,DC=samba,DC=example,DC=com sAMAccountName
>> I hope that helps.
> Thank you all, this helped a lot. I am able to connect and browse the
> internal ldap server now. Now for the passwords;
> Google supports sha1, md5 and plaintext passwords during synchronisation,
> where are these located, and if not supported, how to make them supported?
> Thanks a lot :-)

I am not sure this will be possible unless you use plain text
passwords because I believe Windows uses its own hashing algorithms.
I don't know anything about Google's LDAP server/schema, but if you
authenticate as an admin user I think you should be able to access the
passwords.  You might need to fiddle with the access control settings
if you have access to that.

Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list