Hello,

I was wondering if there is an easy way to authenticate users through ldap, or pam (which uses ldap). In our current setup samba uses tdbsam.

I would like users to be authenticated to our existing ldap server (slapd on debian etch). So that if the user has been authenticated successfully (s)he can access the directories as configured in smb.conf (/home/username, /public etc.) with the file and group permissions the person has when for example using a shell.

Using ldapsam with an existing ldap setup is quite a pain and I'd rather avoid it (I have tried but yet did not succeed). I tried using pam, which did work, but only for plaintext passwords. Windows by default doesn't allow plaintext, so this would lock out windows users unless windows is changed to use plaintext.

There are many systems which can use ldap for authentication by just providing a server and distinguished name (dc=...) and such. I was hoping samba would be able to do just that, leaving out any other fancy things.

Thank you,
Jeroen
On 7/13/07, Jeroen van Aart <kroshka@atypon.com> wrote:
> Using ldapsam with an existing ldap setup is quite a pain and I'd rather
> avoid it (I have tried but yet did not succeed). I tried using pam,
> which did work, but only for plaintext passwords. Windows by default
> doesn't allow plaintext, so this would lock out windows users unless
> windows is changed to use plaintext.
>
> There are many systems which can use ldap for authentication by just
> providing a server and distinguished name (dc=...) and such. I was
> hoping samba would be able to do just that, leaving out any other fancy
> things.

Because Windows by default doesn't allow plaintext, it is _impossible_ for Samba to authenticate users using methods like PAM or generic LDAP; it needs a plaintext password to pass to one of those authentication mechanisms.

Modifying an LDAP setup to add ldapsam can be tricky but is very doable, and there are several howtos available on the web and discussed on this list. What problems did you run into when trying to do it?

Josh Kelley