Hello,

I am using CentOS 6 with 389 DS. Everything is working, I can authenticate my users against it etc.

Now I am trying to make Samba authenticate against the LDAP by following http://directory.fedoraproject.org/wiki/Howto:Samba

However, it seems that Samba does not read the 'password' value, but 'sambaNTPassword'. I wrote to the 389-DS mailing list and they said that there is no way to make Samba read the 'password'. So I must end up with two passwords (Samba and "normal" one). I cannot sync them, since the crypt algorithms are different and I cannot just copy/paste the password to sambaNTPassword.

Did someone else have this issue? I need some file sharing software (can be even a web application), which can authenticate against LDAP, so all the people have one password for authentication.

Regards,

On Feb 27, 2013, at 8:22 AM, Todor Petkov wrote:
> Hello,
>
> I am using Centos 6 with 389 DS. Everything is working, I can
> authenticate my users against it etc.
>
> Now I am trying to make Samba authenticate against the LDAP by
> following http://directory.fedoraproject.org/wiki/Howto:Samba
>
> However, it seems that Samba does not read the 'password' value, but
> 'sambaNTPassword'. I wrote in 389-DS mailing list and they said, that
> there is no way to make Samba read the 'password'. So I must end with
> two password (Samba and "normal" one). I can not sync them, since crypt
> algorithms are different and I can not just copy/paste the password to
> sambaNTPassword.
>
> Did someone else had this issue? I need some file sharing software (can
> be even a web application), which can authenticate against LDAP, so all
> the people have one password for authentication.
----
a lot of different ways to handle this - it all depends upon which language/tools you use.

I have used Webmin LDAP Users & Groups module which can set the sambaNTPassword and userPassword to the same value after encryption.

I have also written a framework application in ruby on rails for my current employer which does this and much much more.

There is also a smbldap-tools perl toolkit which can integrate with samba and can do the same thing.

Craig

On Feb 27, 2013, at 8:22 AM, Todor Petkov wrote:
> Hello,
>
> I am using Centos 6 with 389 DS. Everything is working, I can
> authenticate my users against it etc.
>
> Now I am trying to make Samba authenticate against the LDAP by
> following http://directory.fedoraproject.org/wiki/Howto:Samba
>
> However, it seems that Samba does not read the 'password' value, but
> 'sambaNTPassword'. I wrote in 389-DS mailing list and they said, that
> there is no way to make Samba read the 'password'. So I must end with
> two password (Samba and "normal" one). I can not sync them, since crypt
> algorithms are different and I can not just copy/paste the password to
> sambaNTPassword.
>
> Did someone else had this issue? I need some file sharing software (can
> be even a web application), which can authenticate against LDAP, so all
> the people have one password for authentication.
----
and by the way... if you actually want security for LDAP passwords (userPassword), use SSHA instead of crypt.

Craig

On 27/02/2013 05:27 PM, Craig White wrote:
> ----
> a lot of different ways to handle this - it all depends upon which
> language/tools you use.
>
> I have used Webmin LDAP Users & Groups module which can set the
> sambaNTPassword and userPassword to the same value after encryption.
>
> I have also written a framework application in ruby on rails for my
> current employer which does this and much much more.
>
> There is also a smbldap-tools perl toolkit which can integrate with
> samba and can do the same thing.
>
> Craig
>

Thanks, I will check smbldap-tools.

I already have users in LDAP. I know, it will be easy if there is a new user, then I will just use the same password in the values, but I need to sync the current encrypted password to SambaNTPassword, which uses a different algorithm. Or just reset and send a new password to the person, but if he wants to change it via ssh (passwd), it will change only the password, not the samba one.

As for crypt method: I meant "encryption algorithm". I am using SSHA passwords, not crypt.

Regards,

On Feb 27, 2013, at 8:50 AM, Todor Petkov wrote:
> On 27/02/2013 05:27 PM, Craig White wrote:
>
>> ----
>> a lot of different ways to handle this - it all depends upon which
>> language/tools you use.
>>
>> I have used Webmin LDAP Users & Groups module which can set the
>> sambaNTPassword and userPassword to the same value after encryption.
>>
>> I have also written a framework application in ruby on rails for my
>> current employer which does this and much much more.
>>
>> There is also a smbldap-tools perl toolkit which can integrate with
>> samba and can do the same thing.
>>
>> Craig
>>
>
> Thanks, I will check smbldap-tools.
>
> I have already users in LDAP. I know, it will be easy if there is a new
> user, then I will just use the same password in the values, but I need
> to sync the current encrypted password to SambaNTPassword, which uses a
> different algorithm. Or just reset and send a new password to the
> person, but if he wants to change it via ssh (passwd), it will change
> only the password, not the samba one.
----
all of the known methods require an unencrypted value to then hash for LDAP sambaNTPassword and there is no way to take an encrypted value from userPassword and convert it to sambaNTPassword

Craig