[Samba] LDAP bindpw password

L.P.H. van Belle belle at bazuin.nl
Wed Aug 5 14:38:29 UTC 2015


Rowland, 
don't be too hard on the guy..  ;-) 
Sorry that I can't help out more atm, but I'm in the process of Win7 to Win10 testing with Samba, 
and meanwhile doing a rollout..  :-/ 

Here are some working examples on Debian Jessie..  with Samba 4.1.7 Debian. 

An Apache 2.4 Kerberos auth example. 
    AuthType Kerberos
    AuthName "Website Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbServiceName HTTP
    KrbAuthRealms INTERNAL.DOMAIN.TLD
    Krb5KeyTab /etc/apache2/hostname-apache.keytab
    require valid-user
 
A Squid Kerberos example. 
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/hostname.internal.domain.tld@INTERNAL.DOMAIN.TLD
auth_param negotiate children 10 startup=0 idle=1

A squid3 fallback to LDAP - AD auth!
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
        -b "OU=Users,DC=internal,DC=domain,DC=tld" \
        -D ldapbind@internal.domain.tld -W /etc/squid3/private/ldapbind \
        -f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
        -h hostname.internal.domain.tld

And a Squid fallback to LDAP Basic auth. 
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
         -b "OU=Users,DC=internal,DC=domain,DC=tld" \
         -D cn=ldapbind,OU=Service-Accounts,DC=internal,DC=domain,DC=tld  -W /etc/squid3/private/ldapbind \
         -f uid=%s hostname.internal.domain.tld



Greetz, 

Louis


>-----Original message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On behalf of shacky
>Sent: Wednesday 5 August 2015 14:20
>To: samba at lists.samba.org
>Subject: [Samba] LDAP bindpw password
>
>Hi.
>
>I'm using Samba 4 on two Zentyal servers as Domain Controller and now
>I have to authenticate some services to it (Apache and PAM in
>particular).
>The LDAP integration asks me for an LDAP bind password, but I cannot
>find out where it is on Zentyal.
>Is there a way to check (or change it) directly on Samba 4?
>Or is it preferable to authenticate against Active Directory 
>or Kerberos?
>
>Thank you very much for your help!
>Bye
>
>
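
The Squid `-W` bind-password file and the Apache keytab in the reply above both hold long-lived credentials, so their file permissions are worth auditing after deployment. The shell check below is an added example, not part of the original thread; the function names are hypothetical. It assumes a layout such as root:proxy or root:www-data with mode 0640, where the service group may read the file but nobody else may.

```shell
#!/bin/sh
# Added example: audit permissions on credential files such as the
# basic_ldap_auth -W password file or an Apache Krb5KeyTab.
# Assumption: owner access and group read are acceptable (e.g. 0640 or 0600);
# group write or any access for "other" is a finding.

# check_secret_file PATH -> returns 0 if acceptable, 1 otherwise.
check_secret_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "FAIL $f: is a symlink, check the target instead"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL $f: missing or not a regular file"
        return 1
    fi
    # First 10 characters of ls -ld: type, user rwx, group rwx, other rwx.
    perms=$(ls -ld "$f" | cut -c1-10)
    case $perms in
        # position 6 = group write must be '-', positions 8-10 = other must be '---'
        ?????-?---) echo "OK   $f ($perms)"; return 0 ;;
        *) echo "FAIL $f ($perms): group-writable or accessible to other"
           return 1 ;;
    esac
}

# audit_secrets PATH... -> returns 0 only if every file passes.
audit_secrets() {
    rc=0
    for p in "$@"; do
        check_secret_file "$p" || rc=1
    done
    return $rc
}

# When run with arguments, audit the given paths.
if [ "$#" -gt 0 ]; then
    audit_secrets "$@"
fi
```

Run it with the paths from the configuration, for example `/etc/squid3/private/ldapbind` and `/etc/apache2/hostname-apache.keytab`; a non-zero exit status means at least one file needs tightening.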



