RAKESH PRITMANI
2012-Aug-07 15:35 UTC
[Samba] Samba User authentication from external LDAP server
I need to authenticate samba users from external LDAP server, tried a few options but when I change LDAP password, the samba password does not change. Is it possible to do away with Samba password and only use LDAP password Rakesh
Gaiseric Vandal
2012-Aug-07 16:13 UTC
[Samba] Samba User authentication from external LDAP server
You need to configure smb.conf with either "unix password sync" (along with "passwd chat" and "passwd program") or with "pam password change " I use the unix password sync option- it passes the new password value to a shell script which then calls an ldap server command to change the password. The script includes the user ID and pw of an account in the LDAP server with appropriate permissions to set the password. I don't know if "pam password change" would work in LDAP. The root account (under which samba runs) has the ability to change local or NIS passwords with the "passwd" command without knowing the old password. But the unix root account is not by default an LDAP admin. If you truly want to use only the LDAP password for Samba authentication then you need to configure plain-text password storage for everything. Which is probably a bad idea. On 08/07/12 11:35, RAKESH PRITMANI wrote:> I need to authenticate samba users from external LDAP server, tried a > few options but when I change LDAP password, the samba password does > not change. Is it possible to do away with Samba password and only use > LDAP password > > Rakesh