Hi Guy,
> I'm trying to merge the LDAP tree of two servers together so that I can
> perform authentication from a web service on the third server to this
> tree. The problem I have is that the passwords (or, more precisely, the
> passwords hash) is not stored in LDAP but rather via kerberos.
Why do you think that kerberos hashes are not stored in the ldap tree? Take a
look at https://msdn.microsoft.com/en-us/library/ms679920%28v=vs.85%29.aspx and
https://msdn.microsoft.com/en-us/library/cc245499.aspx
> Is it possible to get a copy of the passwords hash to do the
> authentication on the web service myself ?
I am not very sure what you want to do. If you want to reset the password of one
samba4 domain using the password hash of another samba4 domain in order to merge
them, you may try the patch of Alberto Maria Fiaschi (look on the interweb for
pdbedit_ntHash.patch). If there is a sense for you to have two ADs, and your web
application cannot handle two authentication sources, then you may try to
install an openldap with referral in order to configure only one ldap on your web
applications. If you are doing kerberos auth, you may also try the inter-realm
trust of samba4.3 if the lack of sid filtering is not an issue for you.
> I'm not sure this post belongs on samba's list, but since everything is
> a little 'obscured' by samba, I thought that I could get help here.
Samba, or AD actually, does not make things obscured, it makes them simple to
use. But subjacent technologies are not simple per se.
Cheers,
Denis
>
> Thank you!
>
> Guy-Laurent Subri