Samba password server?
Michael L Torrie
torriem at chem.byu.edu
Thu Jul 5 16:57:53 MDT 2007
On Thu, 2007-07-05 at 12:45 -0600, Kenneth Burgener wrote:
> Michael L Torrie wrote:
> Correct me if I am wrong, but LDAP is simply an information storage
> service? How would I go about using LDAP to do secure encrypted
> password authentication?
You're essentially correct. LDAP by itself isn't technically enough,
although as Dave mentioned, with SSL and TLS it's pretty secure.
LDAP when combined with Samba and Kerberos becomes a powerful solution.
Basically Samba stores its password hashes in LDAP (this will change in
Samba 4 with ActiveDirectory and MS Kerberos compatibility), so it would
need read access to those fields, but regular anonymous folks don't.
NSS-ldap brings in LDAP users as unix users (which only requires
anonymous access) and then Kerberos provides authentication for unix
> You wouldn't happen to know of any really good tutorials/"how to" for
> this, would you?
The Samba 3 howto has pretty good information on using Samba and LDAP
together. Also the original doc on all of this is from Turbo
that his new table of contents on this document is a pain. you have to
click on the chapter headings themselves.
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
More information about the PLUG