[Samba] Samba & (anonymous) LDAP Authentication
Robert Heller
heller at deepsoft.com
Mon Mar 29 17:16:58 MDT 2010
At Mon, 29 Mar 2010 17:38:39 -0400 gaiseric.vandal at gmail.com wrote:
>
> According to how you have described your environment, whether or not you
> use LDAP for Samba's backend, your users will still need corresponding
> unix accounts AND will still have separate unix and windows
> passwords. If you use ldap there will be separate fields for the
> different passwords. If you configure password sync it should appear
> to the users that they have a single password. (i.e. they change the
> password in Windows or with smbpassword the unix password should also
> change.)
>
>
> If you really want a single password I think your options are as follows-
> Configure unix logons to use windbind authentication (ie.
> authenticate using the samba/windows password.)
> Use kerberos for unix and samba.
>
> But that may not resolve your concerns with Samba writing to LDAP.
>
>
> So if you only have one samba machine and only a few users you may
> still want to stick to the TDB backend for the windows account info.
> Samba will still match the unix name to the windows name either way.
OK, it looks like that is what I am stuck with. I only *really* need
one or two users -- it is only for dealing with backups and posting some
files. This seems to work I will just have to live with the potiental
issues of possible differing passwords if/when that happens -- it is
only two usernames at present.
Question: why can't samba just use UNIX's user authentication? Is this
something in the way MS-Windows encrypts the password it sends over the
NetBIOS protocol? Or is there some other issue going on?
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
heller at deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/
More information about the samba
mailing list