[Samba] LDAP bindpw password

Rowland Penny rowlandpenny241155 at gmail.com
Wed Aug 5 15:02:15 UTC 2015


On 05/08/15 15:38, L.P.H. van Belle wrote:
> Rowland,
> don't be too hard on the guy..  ;-)

Hi Louis, Marc spends a lot of time writing and updating the wiki, I 
help where I can (turning German English into English), but nobody seems 
to read it!!! or if they do, you need to drag it out of them that they 
have read it and are having problems understanding it. How can the wiki 
be improved if it isn't known what is wrong with it?

> Sorry that I can't help out more atm but I'm in the process of win7 to win 10 testing with samba,
> and meanwhile doing a rollout..  :-/
>
> Here are some working examples on debian jessie..  with samba 4.1.7 debian.
>
> an apache2.4 kerberos auth example.
>      AuthType Kerberos
>      AuthName "Website Login"
>      KrbMethodNegotiate On
>      KrbMethodK5Passwd Off
>      KrbServiceName HTTP
>      KrbAuthRealms INTERNAL.DOMAIN.TLD
>      Krb5KeyTab /etc/apache2/hostname-apache.keytab
>      require valid-user
>   

Hmm, similar to the wiki, yet different in a few ways:

Wiki: KrbMethodK5Passwd On

You have: KrbServiceName HTTP
The wiki doesn't

The wiki has: KrbLocalUserMapping On
You don't

Can you confirm that your setup works and if possible give reasons why 
there are the differences, I will then update the wiki.


> a squid kerberos example.
> auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/hostname.internal.domain.tld@INTERNAL.DOMAIN.TLD
> auth_param negotiate children 10 startup=0 idle=1
>
> a squid3 fall back to ldap - AD auth.!!
> auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
>          -b "OU=Users,DC=internal,DC=domain,DC=tld" \
>          -D ldapbind@internal.domain.tld -W /etc/squid3/private/ldapbind \
>          -f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
>          -h hostname.internal.domain.tld
>
> and a squid fallback to LDAP Basic auth.
> auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
>           -b "OU=Users,DC=internal,DC=domain,DC=tld" \
>           -D cn=ldapbind,OU=Service-Accounts,DC=internal,DC=domain,DC=tld  -W /etc/squid3/private/ldapbind \
>           -f uid=%s hostname.internal.domain.tld
>

If you wait a short while, you will see the squid part on the wiki page 
(once I understand it fully)

Rowland

>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of shacky
>> Sent: Wednesday 5 August 2015 14:20
>> To: samba at lists.samba.org
>> Subject: [Samba] LDAP bindpw password
>>
>> Hi.
>>
>> I'm using Samba 4 on two Zentyal servers as Domain Controller and now
>> I have to authenticate some services to it (Apache and PAM in
>> particular).
>> The LDAP integration asks me for a LDAP bind password, but I cannot
>> find out where it is on Zentyal.
>> Is there a way to check (or change it) directly on Samba 4?
>> Or is it preferable to authenticate against Active Directory
>> or Kerberos?
>>
>> Thank you very much for your help!
>> Bye
>>
>
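
Added example (not from the thread or the Samba wiki): a Python check for the squid `basic_ldap_auth` helper lines quoted above. It flags a bind password passed inline with `-w` and a `-W` secret file whose permissions are open to group or others. The function names and the sample config are constructed for illustration.

```python
import os
import shlex
import stat

# Constructed sample: the thread's helper line, but with the password inline.
SAMPLE = r'''
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
    -b "OU=Users,DC=internal,DC=domain,DC=tld" \
    -D ldapbind@internal.domain.tld -w CONSTRUCTED_PASSWORD \
    -h hostname.internal.domain.tld
'''


def join_continuations(text):
    """Merge lines ending in a backslash into one logical line."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            logical.append(buf + line)
            buf = ""
    if buf:
        logical.append(buf)
    return [l for l in logical if l.strip()]


def audit_ldap_helpers(conf_text):
    """Return findings for every basic_ldap_auth helper line in conf_text."""
    findings = []
    for line in join_continuations(conf_text):
        if line.lstrip().startswith("#") or "basic_ldap_auth" not in line:
            continue
        args = shlex.split(line)  # splits on whitespace, honours the quoted base DN
        if "-w" in args:
            findings.append("bind password passed inline with -w (visible in config and process list)")
        if "-W" in args and args.index("-W") + 1 < len(args):
            path = args[args.index("-W") + 1]
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError as exc:
                findings.append(f"secret file {path} not accessible: {exc.strerror}")
                continue
            if mode & 0o077:  # any group/other permission bit set
                findings.append(f"secret file {path} has mode {mode:04o}, open to group/others")
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_helpers(SAMPLE):
        print(finding)
```

Run it against the text of the real squid.conf as a user that can stat the secret file; an empty result means no inline password and no group/other access to the file.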


