[Samba] Question about implementing samba4 cleartext passwords

Dewayne Geraghty dewayne.geraghty at heuristicsystems.com.au
Thu Jan 31 00:08:40 MST 2013

> -----Original Message-----
> From: samba-bounces at lists.samba.org 
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Adrian Stoica
> Sent: Thursday, 10 January 2013 12:22 AM
> To: samba at samba.org
> Subject: [Samba] Question about implementing samba4 cleartext 
> passwords
> Hello
> I want to create a domain using samba4 and from there to 
> authenticate users against ad. The challange for me is that i 
> have never worked out with domain or with ldap , and that i 
> need to use AD users/passwords to authenticate not only the 
> domain clients , but the mail users and perhaps the ftp, or 
> web users , that are on another linux distro's.
> It is possible to implement a AD with samba4, and to retrieve 
> user and password from that database for use on ex. dovecot ? How ?
> Many thanks,
> Adrian Stoica
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

I'd encourage you to not consider working with plaintext passwords.

A kerberos environment has many security/convenience (for the user) benefits.

I'd suggest that you consider moving your other ftp,web & other services to be kerberised (kerberos-based), which may mean that your
ftp, web software will need a rebuild.  (Samba4 AD DC also performs NTLM (v2)).

This will provide some guidance, but it is a long road:

Most (all?) services have kerberos or gssapi features.

Regards, Dewayne

More information about the samba mailing list