I already have LDAP setup fro other purposes and I'm using {MD5}
passwords in ou=people,dc=mycompany,dc=com
What are the correct settings in smb.conf?
is is possible to use stored md5 passwords?
Thanks in advance
Jeff Saxton
Jeff Saxton wrote:> I already have LDAP setup fro other purposes and I'm using {MD5} > passwords in ou=people,dc=mycompany,dc=com > What are the correct settings in smb.conf? > > is is possible to use stored md5 passwords? > > Thanks in advanceSAMBA has to authenticate clients using the information that Windows provides. And windows only knows how to provide Windows-specific LM and NT hashes. This is not a problem since SAMBA stores these hashes in LDAP and never uses the actual LDAP password. If you want anything else to authenticate against LDAP password, you must tell SAMBA to update it as well by setting "ldap password sync = yes" (but remember, SAMBA never reads it). Of course some ACLs must be in place on LDAP server, like these: access to dn.base="" by users read by * none access to dn.base="cn=Subschema" by users read by * none access to attrs=userPassword,sambaLMPassword,sambaNTPassword by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write by anonymous auth by self write by * none access to attrs=@posixAccount,@posixGroup,ou,entry by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write by * read access to * by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write by self read by * none -- Alexander E. Patrakov
I figured most of the stuff out last night :) One thing that I still haven't been able to figure out is how to initially generate the sambaSID For each user. What is the best practice for this? Jeff Saxton Sr. Support Engineer Addamark Technologies, Inc. http://www.addamark.com mailto:support@addamark.com CELL: +1 415-640-6392 -----Original Message----- From: Andre Helberg [mailto:andre.helberg@juwimm.com] Sent: Wednesday, August 18, 2004 1:23 AM To: 'Jeff Saxton' Subject: AW: [Samba] Samb a 3.0.5 LDAP Question> I already have LDAP setup fro other purposes and I'm using > {MD5} passwords in ou=people,dc=mycompany,dc=com What are the > correct settings in smb.conf?Minimal settings: passdb backend = ldapsam:ldap://localhost ldap suffix = ou=people,dc=mycompany,dc=com ldap admin dn = cn=root,dc=mycompany,dc=com My settings: passdb backend = ldapsam:ldap://localhost ldap suffix = ou=sso,dc=juwimm,dc=local ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=root,dc=juwimm,dc=local ldap passwd sync = Yes> is is possible to use stored md5 passwords?As far as I know it is not possible, samba uses ist own passwors which are created in the ldap, when you run smbpasswd -a username Andre