Samba password server?

Michael L Torrie torriem at chem.byu.edu
Thu Jul 5 16:57:53 MDT 2007


On Thu, 2007-07-05 at 12:45 -0600, Kenneth Burgener wrote:
> Michael L Torrie wrote:
> Correct me if I am wrong, but LDAP is simply an information storage
> service?  How would I go about using LDAP to do secure encrypted
> password authentication?

You're essentially correct. LDAP by itself isn't technically enough,
although as Dave mentioned, with SSL and TLS it's pretty secure.

LDAP when combined with Samba and Kerberos becomes a powerful solution.
Basically Samba stores its password hashes in LDAP (this will change in
Samba 4 with ActiveDirectory and MS Kerberos compatibility), so it would
need read access to those fields, but regular anonymous folks don't.
NSS-ldap brings in LDAP users as unix users (which only requires
anonymous access) and then Kerberos provides authentication for unix
machines.


> 
> You wouldn't happen to know of any really good tutorials/"how to" for
> this, would you?

The Samba 3 howto has pretty good information on using Samba and LDAP
together.  Also the original doc on all of this is from Turbo
Fredricsson at
http://www.bayour.com/Implementing_LDAPv3/Implementing_LDAPv3.html  Note
that his new table of contents on this document is a pain.  you have to
click on the chapter headings themselves.

> 
> Thanks,
> Kenneth
> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
> 




More information about the PLUG mailing list