[Samba] smbldap-tools security: how to keep passwords in smbldap_bind.conf secure?

TAKAHASHI Motonobu monyo at monyo.com
Wed Jan 12 08:56:03 MST 2011

2011/1/12 Konstantin Boyandin <temmokan at gmail.com>:
> smbldap-passwd may be called by non-root; thus,
> /etc/smbldap-tools/smbldap_bind>conf
> must be world-readable, and it keeps the passwords as plain text.

smbldap-passwd accesses to LDAP as a user who invoked itself.

This behavior is different from Samba itself as always accesses as
a user defined with "ldap admin dn".

So simply set 600 to smbldap_bind.conf will solve the problem.

Also you need to add "by self write" to both sambaLMPassword
and sambaNTPassword.

TAKAHASHI Motonobu <monyo at samba.gr.jp>

More information about the samba mailing list