[Samba] smbldap-tools security: how to keep passwords in smbldap_bind.conf secure?

Konstantin Boyandin temmokan at gmail.com
Wed Jan 12 09:30:02 MST 2011

01/12/2011 09:56 PM, TAKAHASHI Motonobu пишет:
> 2011/1/12 Konstantin Boyandin <temmokan at gmail.com>:
>> smbldap-passwd may be called by non-root; thus,
>> /etc/smbldap-tools/smbldap_bind>conf
>> must be world-readable, and it keeps the passwords as plain text.
> smbldap-passwd accesses to LDAP as a user who invoked itself.
> This behavior is different from Samba itself as always accesses as
> a user defined with "ldap admin dn".
> So simply set 600 to smbldap_bind.conf will solve the problem.

Yes, that did the trick, thank you!
I thought the bind configuration should also be world readable.

> Also you need to add "by self write" to both sambaLMPassword
> and sambaNTPassword.

Yes, that has been set up and tested before I posted the question.


More information about the samba mailing list