Hi,
I've set up an LDAP server (OpenLDAP 2.1.22), a domain server with Samba 3.0,
and a Linux client with Samba 3.0. I've joined the Samba client to the Samba
server, with this configuration:
...........
workgroup = AJK-WIN
encrypt passwords = yes
passdb backend = ldapsam:ldap://10.126.13.93:389 guest
ldap passwd sync = yes
unix password sync = yes
netbios name = bisma
security = domain
...............
I did not use ldap admin dn or set up adminpw, because I don't want root on
the client to be able to read the file secrets.tdb. Can you believe it? The
password can be read by running 'cat' on secrets.tdb.
After joining with net join, it was successfully added to the LDAP
server (prompted for the root password).
But when changing the password from the Linux Samba client it said
"..invalid credentials,.." when binding with account "", and it should from
the Samba server.
My questions are:
1. Is it true that Samba always uses the LDAP admin account when changing any
information in the LDAP-Samba database?
2. Should I set up some TLS/SASL configuration for the bind method from the
Linux client to the LDAP server? Then the path of the auth process would
change: from the Samba client directly to the LDAP server, not through the
Samba server.
4. What objectClasses are used by Samba for the auth process? Smbldap-tools
uses inetOrgPerson, posixAccount, and sambaSamAccount, but it cannot be
authenticated. So I replaced inetOrgPerson with the account class, but this
combination has less personal or organizational information. Different
administration tools use different objectClass combinations.
3. Which GUI LDAP/Samba tool is better for account administration?
phpldapadmin, LAM, dir-admin, or anything else?
Regards
Widi Pradnyana