[Samba] LDAP bindpw password
L.P.H. van Belle
belle at bazuin.nl
Wed Aug 5 14:38:29 UTC 2015
Rowland,
dont be to hard on the guy.. ;-)
Sorry that i cant help out more atm but im in process of win7 to win 10 testing with samba,
and mainwhile doing a rollout.. :-/
Here are some working examples on debian jessie.. with samba 4.1.7 debian.
an apache2.4 kerberos auth example.
AuthType Kerberos
AuthName "Website Login"
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbServiceName HTTP
KrbAuthRealms INTERNAL.DOMAIN.TLD
Krb5KeyTab /etc/apache2/hostname-apache.keytab
require valid-user
an squid kerberos example.
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/hostname.internal.domain.tld at INTERNAL.DOMAIN.TLD
auth_param negotiate children 10 startup=0 idle=1
a squid3 fall back to ldap - AD auth.!!
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
-b "OU=Users,DC=internal,DC=domain,DC=tld" \
-D ldapbind at internal.domain.tld -W /etc/squid3/private/ldapbind \
-f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
-h hostname.internal.domain.tld
and a squid fallback to LDAP Basic auth.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
-b "OU=Users,DC=internal,DC=domain,DC=tld" \
-D cn=ldapbind,OU=Service-Accounts,DC=internal,DC=domain,DC=tld -W /etc/squid3/private/ldapbind \
-f uid=%s hostname.internal.domain.tld
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens shacky
>Verzonden: woensdag 5 augustus 2015 14:20
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] LDAP bindpw password
>
>Hi.
>
>I'm using Samba 4 on two Zentyal servers as Domain Controller and now
>I have to authenticate some services to it (Apache and PAM in
>particular).
>The LDAP integration asks me for a LDAP bind password, but I cannot
>find out where it is on Zentyal.
>Is there a way to check (or change it) directly on Samba 4?
>Or is it preferable to authenticate against Active Directory
>or Kerberos?
>
>Thank you very much for your help!
>Bye
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list