[Samba] Samba and Ldap
Gaiseric Vandal
gaiseric.vandal at gmail.com
Fri Jun 24 07:16:08 MDT 2011
The user's unix LDAP password should be encrypted (technically I think
it is actually hashed, since it is not reversible) - so no, you can't
get their existing password.

There are two options in smb.conf to have the password sync:

    ldap passwd sync = yes

or

    unix password sync = yes

I have ldap backend for linux and samba passwords, but initially had NIS
for unix and TDB for samba. I use the "unix password sync" option
partially as a legacy holdover of the previous backend.

I therefore also set:

    passwd program = /etc/samba/smbldappasswd.sh %u
    passwd chat = *New* %n\n *changed*

Samba passes the new "windows" password to the external script which
uses the sun ldappasswd command to change the user's unix script. You
can't just use the "passwd" command since the local root account on a
unix server is not the LDAP admin user.

The "ldap passwd sync = yes" would probably have been cleaner.
On 06/24/2011 05:36 AM, thom_schu at gmx.de wrote:
> Hi,
> all the users here are stored in a LDAP-Server, means authentication on a workstation (linux) is over LDAP. Yesterday I configured a Samba-Server, it also uses the LDAP-Server as its backend.
> I found out that with a call "smbpasswd -a user" an existing user gets all the attributes from the sambaSamAccount automatically.
> But here is my first question - for this call I need to know the user's password, is there a way, so that I can use the user's password already saved in LDAP as the unix account password?
>
> Another question.
> When a user calls "passwd" on a workstation, now only the password field in LDAP for the unix account will be changed. But I want to keep unix account password and samba password synchronized - is this possible with calling "passwd"?
>
> thanks
>
> gizmo
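
An added example, not part of the original message and not the poster's script: a sketch of a wrapper that fits the "passwd program" / "passwd chat" pair quoted above. It assumes OpenLDAP's ldappasswd (the post mentions the Sun one, whose options differ), and the URI, DNs and bind-password file are placeholders. The new password is read from the chat and handed over in a temporary file, so it never appears on a command line.

```shell
#!/bin/sh
# Hypothetical wrapper for: passwd program = /etc/samba/smbldappasswd.sh %u
# Assumptions (not from the post): OpenLDAP ldappasswd and the placeholder
# URI, DNs and bind-password file below.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.com}"
BIND_DN="${BIND_DN:-cn=admin,dc=example,dc=com}"
BIND_PW_FILE="${BIND_PW_FILE:-/etc/samba/ldap-admin.secret}"  # mode 0600, no trailing newline
USER_BASE="${USER_BASE:-ou=People,dc=example,dc=com}"
LDAPPASSWD="${LDAPPASSWD:-ldappasswd}"

change_ldap_password() {
    user=$1
    # %u ends up inside a DN: accept plain account names only.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    printf 'New password: '            # matched by *New* in passwd chat
    IFS= read -r newpw || return 1     # Samba answers with %n\n
    [ -n "$newpw" ] || return 1
    tmp=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    # -T takes the whole file as the password, so write no newline.
    printf '%s' "$newpw" > "$tmp"
    rc=0
    "$LDAPPASSWD" -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -T "$tmp" "uid=$user,$USER_BASE" >/dev/null || rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    echo "password changed"            # matched by *changed* in passwd chat
}

# Run only when installed under the name used in smb.conf.
case ${0##*/} in
    smbldappasswd.sh) change_ldap_password "$1" ;;
esac
```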