[Samba] Samba 4 LDAP security
steve at steve-ss.com
Thu Jan 19 09:58:33 MST 2012
I'm using Samba 4 to serve Linux and win 7 clients.

I'd like to use GSSAPI to bind to the Samba 4 LDAP to extract the
attributes I've added for the Linux clients. nslcd advertises such
support, but keeps telling me 'Unknown authentication method'. As a
workaround I've done this:

I'm using nss-ldapd to map user attributes via nfs4 to the Linux
clients. Works fine, but the binddn and bindpw have to be stored in
/etc. nslcd runs as user nslcd and I have the permissions on
/etc/nslcd.conf set to 0400 nslcd:nslcd. I've discovered that any user
can do the bind, so it's not the Admin password that is needed.

Until I can get the kerberized bind working (probably never!), any
comments about the security of this? Are there other processes where
passwords have to be stored in a file?
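
A check for the setup described in the message above, as an added example that is not part of the original post: it audits an nslcd.conf holding `binddn`/`bindpw` for the file mode and owner the poster chose and for use of the administrator account. The function name, the `cn=administrator,` prefix and the sample configuration are assumptions made for the illustration, and the `ssl start_tls` transport check goes beyond what the post discusses.

```python
import os
import stat
import tempfile

# Assumption: the domain administrator's DN begins with this RDN.
ADMIN_PREFIXES = ("cn=administrator,",)

def audit_nslcd_conf(path, nslcd_uid):
    """Return a list of findings for an nslcd.conf that stores bind credentials."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: group/other can reach bindpw")
    if st.st_uid != nslcd_uid:
        findings.append(f"owner uid {st.st_uid} is not the nslcd uid")

    # nslcd.conf is "keyword value" per line; '#' starts a comment line.
    opts = {}
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if line and not line.startswith("#"):
                parts = line.split(None, 1)
                opts[parts[0].lower()] = parts[1] if len(parts) > 1 else ""

    if "bindpw" in opts:
        # Any account can bind, so the stored one should carry no privileges.
        if opts.get("binddn", "").lower().startswith(ADMIN_PREFIXES):
            findings.append("binddn is the administrator; use a dedicated account")
        # A simple bind sends bindpw as-is, so plain ldap:// needs StartTLS.
        if (opts.get("uri", "").lower().startswith("ldap://")
                and opts.get("ssl", "off").lower() != "start_tls"):
            findings.append("simple bind over ldap:// without start_tls")
    return findings

if __name__ == "__main__":
    # Constructed sample configuration, not taken from the post.
    sample = ("uri ldap://dc.example.test\n"
              "binddn CN=Administrator,CN=Users,DC=example,DC=test\n"
              "bindpw constructed-secret\n")
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as tmp:
        tmp.write(sample)
    os.chmod(tmp.name, 0o644)
    for finding in audit_nslcd_conf(tmp.name, os.getuid()):
        print(finding)
    os.unlink(tmp.name)
```

On a real host, pass the uid of the nslcd user (for example from `pwd.getpwnam("nslcd").pw_uid`) and run the check as root so the 0400 file can be read.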