Samba password server?
Michael L Torrie
torriem at chem.byu.edu
Thu Jul 5 16:57:53 MDT 2007
On Thu, 2007-07-05 at 12:45 -0600, Kenneth Burgener wrote:
> Michael L Torrie wrote:
> Correct me if I am wrong, but LDAP is simply an information storage
> service? How would I go about using LDAP to do secure encrypted
> password authentication?
You're essentially correct. LDAP by itself isn't technically enough,
although as Dave mentioned, with SSL and TLS it's pretty secure.
LDAP when combined with Samba and Kerberos becomes a powerful solution.
Basically Samba stores its password hashes in LDAP (this will change in
Samba 4 with ActiveDirectory and MS Kerberos compatibility), so it would
need read access to those fields, but regular anonymous folks don't.
NSS-ldap brings in LDAP users as unix users (which only requires
anonymous access) and then Kerberos provides authentication for unix
machines.
>
> You wouldn't happen to know of any really good tutorials/"how to" for
> this, would you?
The Samba 3 howto has pretty good information on using Samba and LDAP
together. Also the original doc on all of this is from Turbo
Fredricsson at
http://www.bayour.com/Implementing_LDAPv3/Implementing_LDAPv3.html Note
that his new table of contents on this document is a pain. you have to
click on the chapter headings themselves.
>
> Thanks,
> Kenneth
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
More information about the PLUG
mailing list