Adrian Stoica
2013-Jan-09 13:27 UTC
[Samba] Question about implementing samba4 cleartext passwords
Hello I want to create a domain using samba4 and from there to authenticate users against ad. The challange for me is that i have never worked out with domain or with ldap , and that i need to use AD users/passwords to authenticate not only the domain clients , but the mail users and perhaps the ftp, or web users , that are on another linux distro's. It is possible to implement a AD with samba4, and to retrieve user and password from that database for use on ex. dovecot ? How ? Many thanks, Adrian Stoica
Dewayne Geraghty
2013-Jan-31 07:08 UTC
[Samba] Question about implementing samba4 cleartext passwords
> -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Adrian Stoica > Sent: Thursday, 10 January 2013 12:22 AM > To: samba at samba.org > Subject: [Samba] Question about implementing samba4 cleartext > passwords > > Hello > > I want to create a domain using samba4 and from there to > authenticate users against ad. The challange for me is that i > have never worked out with domain or with ldap , and that i > need to use AD users/passwords to authenticate not only the > domain clients , but the mail users and perhaps the ftp, or > web users , that are on another linux distro's. > > It is possible to implement a AD with samba4, and to retrieve > user and password from that database for use on ex. dovecot ? How ? > > Many thanks, > Adrian Stoica > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaI'd encourage you to not consider working with plaintext passwords. A kerberos environment has many security/convenience (for the user) benefits. I'd suggest that you consider moving your other ftp,web & other services to be kerberised (kerberos-based), which may mean that your ftp, web software will need a rebuild. (Samba4 AD DC also performs NTLM (v2)). This will provide some guidance, but it is a long road: https://wiki.samba.org/index.php/Samba4/beyond Most (all?) services have kerberos or gssapi features. Regards, Dewayne