On 11/9/18 11:31 AM, Rowland Penny via samba wrote:
<snip>
>
> Did you run smbpasswd -w <ldap-password> ?

That part appeared to be under the "optional" section so I did not. I will add that along with the samba schema as you mention.

With write access to the Directory, what attributes does samba update? I'm concerned that our SASL passthrough attributes may throw a wrench in the works. If samba tries to update that attribute with a password from the Linux end (password sync?) we might have troubles elsewhere with logins.

> You could try reading this:
>
> https://wiki.samba.org/index.php/Ldapsam_Editposix

Thank you for the link. I will check it out. It looks closer to what I'm wanting to do than other info I've run across.

On Fri, 9 Nov 2018 12:34:16 -0600 dee heffem <dheffem at gmail.com> wrote:

> On 11/9/18 11:31 AM, Rowland Penny via samba wrote:
> <snip>
> >
> > Did you run smbpasswd -w <ldap-password> ?
>
> That part appeared to be under the "optional"
> section so I did not. I will add that along with the
> samba schema as you mention.

Both are not optional, Samba will not work without them.

> With write access to the Directory, what attributes does samba
> update? I'm concerned that our SASL passthrough attributes
> may throw a wrench in the works. If samba tries to update that
> attribute with a password from the Linux end (password sync?)
> we might have troubles elsewhere with logins.

It will update whatever you ask it to. You do realise that a Samba DC doesn't need to sync passwords with anything else, it is where you authenticate from.

There have been numerous reports of problems with NT4-style domains and Windows 10, i.e. they just don't work any more, so I would seriously think hard before setting up a new LDAP based Samba server.

Rowland

On 11/9/18 1:10 PM, Rowland Penny via samba wrote:
> It will update whatever you ask it to. You do realise that a Samba DC
> doesn't need to sync passwords with anything else, it is where you
> authenticate from.

No, I actually don't know much about this stack, but I will look into setting up a DC. If it involves joining the samba DC to the corporate AD domain, it will not be an option for me however.

> There have been numerous reports of problems with NT4-style domains and
> windows 10 i.e. they just don't work any more, so I would seriously
> think hard before setting up a new LDAP based Samba server.

Definitely need a solution that will work with Win10 so thank you for the heads-up.