James R. Phillips
2008-Apr-22 23:49 UTC
[Samba] Can't use Encrypted Passwords with ldapsam backend
Hello samba mailing list, I'm using samba 3.0.24 on a home server running Debian etch. The server handles authentication and provides samba file shares for a small home network of Linux machines. I recently changed basic login authentication from NIS to kerberos/ldap for the clients. I then decided to switch samba over on the server to use the new ldap authentication backend. The [global] section of smb.conf looks like this: ===========[global] workgroup = PHILLIPS.ORG dns proxy = No username map = /etc/samba/user.map # The whole objective of using ldap was to set this true; # but it seems to cause samba to choke. Is ldap ssl # required if this is set true? Doesn't seem likely. # http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf # shows an example with encrypted passwords and without tls # encrypt passwords = false # server string = %h server (Samba %v) wins support = Yes master = Yes browseable = Yes passdb backend = ldapsam obey pam restrictions = yes ldap suffix = dc=localnet ldap admin dn = cn=admin,dc=localnet =========== Note that passwords are not encrypted. This is because samba authentication always fails for all clients when I set "encrypt passwords" to "true". It works fine without encryption. As the comments in the file indicate, I wondered whether ldap ssl is required to support encrypted passwords, but that doesn't seem to be the case. So I don't know why I can't successfully enable encrypted passwords. Can anyone shed some light on this? Thanks James R. Phillips
James R. Phillips
2008-Apr-23 14:06 UTC
[Samba] Can't use Encrypted Passwords with ldapsam backend
Hello samba mailing list, I'm using samba 3.0.24 on a home server running Debian etch. The server handles authentication and provides samba file shares for a small home network of Linux machines. I recently changed basic login authentication from NIS to kerberos/ldap for the clients. I then decided to switch samba over on the server to use the new ldap authentication backend. The [global] section of smb.conf looks like this: ===========[global] workgroup = PHILLIPS.ORG dns proxy = No username map = /etc/samba/user.map # The whole objective of using ldap was to set this true; # but it seems to cause samba to choke. Is ldap ssl # required if this is set true? Doesn't seem likely. # http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf # shows an example with encrypted passwords and without tls # encrypt passwords = false # server string = %h server (Samba %v) wins support = Yes master = Yes browseable = Yes passdb backend = ldapsam obey pam restrictions = yes ldap suffix = dc=localnet ldap admin dn = cn=admin,dc=localnet =========== Note that passwords are not encrypted. This is because samba authentication always fails for all clients when I set "encrypt passwords" to "true". It works fine without encryption. As the comments in the file indicate, I wondered whether ldap ssl is required to support encrypted passwords, but that doesn't seem to be the case. So I don't know why I can't successfully enable encrypted passwords. Can anyone shed some light on this? Thanks James R. Phillips
James R. Phillips
2008-May-01 23:37 UTC
[Samba] Can't use Encrypted Passwords with ldapsam backend
James R. Phillips wrote:> Hello samba mailing list, > > I'm using samba 3.0.24 on a home server running Debian etch. The server > handles authentication and provides samba file shares for a small home > network of Linux machines. I recently changed basic login > authentication from NIS to kerberos/ldap for the clients. I then decided > to switch samba over on the server to use the new ldap authentication > backend. > > The [global] section of smb.conf looks like this: > ===========> [global] > workgroup = PHILLIPS.ORG > dns proxy = No > username map = /etc/samba/user.map > # The whole objective of using ldap was to set this true; > # but it seems to cause samba to choke. Is ldap ssl > # required if this is set true? Doesn't seem likely. > # http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf > # shows an example with encrypted passwords and without tls > # > encrypt passwords = false > # > server string = %h server (Samba %v) > wins support = Yes > master = Yes > browseable = Yes > passdb backend = ldapsam > obey pam restrictions = yes > ldap suffix = dc=localnet > ldap admin dn = cn=admin,dc=localnet > ===========> > Note that passwords are not encrypted. > This is because samba authentication always fails for all clients when > I set "encrypt passwords" to "true". It works fine without encryption. > As the comments in the file indicate, I wondered whether ldap ssl is > required to support encrypted passwords, but that doesn't seem to be the > case. So I don't know why I can't successfully enable encrypted > passwords. > > Can anyone shed some light on this? > > Thanks > > James R. Phillips > >[Bump] Can anyone help on this issue? No replies to original message. Thanks Jim P