[Samba] LDAP bindpw password

L.P.H. van Belle belle at bazuin.nl
Wed Aug 5 14:38:29 UTC 2015

dont be to hard on the guy..  ;-) 
Sorry that i cant help out more atm but im in process of win7 to win 10 testing with samba, 
and mainwhile doing a rollout..  :-/ 

Here are some working examples on debian jessie..  with samba 4.1.7 debian. 

an apache2.4 kerberos auth example. 
    AuthType Kerberos
    AuthName "Website Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbServiceName HTTP
    Krb5KeyTab /etc/apache2/hostname-apache.keytab
    require valid-user
an squid kerberos example. 
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/hostname.internal.domain.tld at INTERNAL.DOMAIN.TLD
auth_param negotiate children 10 startup=0 idle=1

a squid3 fall back to ldap - AD auth.!!  
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
        -b "OU=Users,DC=internal,DC=domain,DC=tld" \
        -D ldapbind at internal.domain.tld -W /etc/squid3/private/ldapbind \
        -f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
        -h hostname.internal.domain.tld

and a squid fallback to LDAP Basic auth. 
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
         -b "OU=Users,DC=internal,DC=domain,DC=tld" \
         -D cn=ldapbind,OU=Service-Accounts,DC=internal,DC=domain,DC=tld  -W /etc/squid3/private/ldapbind \
         -f uid=%s hostname.internal.domain.tld



>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens shacky
>Verzonden: woensdag 5 augustus 2015 14:20
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] LDAP bindpw password
>I'm using Samba 4 on two Zentyal servers as Domain Controller and now
>I have to authenticate some services to it (Apache and PAM in
>The LDAP integration asks me for a LDAP bind password, but I cannot
>find out where it is on Zentyal.
>Is there a way to check (or change it) directly on Samba 4?
>Or is it preferable to authenticate against Active Directory 
>or Kerberos?
>Thank you very much for your help!
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list