Hi people,
the topic is maybe a little outside of samba things,
but i try to find someone who has the same
intention as me.
I'm using LDAP/CYRUS-SASL/KERBEROS
for authentification of LINUX-users in my network
(posixAccount).
I now wanna use this for sambaAccounts too, so that
the Windows-users use kerberized authentification too.
My configuration :
Samba 2.2.3a , Openldap 2.0.23 , Kerberos V,
Cyrus-SASL 1.5.27 on LINUX-machine (Kernel 2.4.18).
In my LDAP i tried something like that (an
example,anonymized ..) :
(My REALM here is XY.AB)
---snipp---
dn: uid=xy,...,dc=xy,dc=xy
logonTime: 0
displayName: admin
lmPassword: {KERBEROS}[EMAIL PROTECTED]
objectClass: sambaAccount
objectClass: posixAccount
primaryGroupID: 512
acctFlags: [UX ]
userPassword:: {KERBEROS}[EMAIL PROTECTED]
uid: admin
uidNumber: 1234
cn: admi
logoffTime: 2147483647
gidNumber: 100
kickoffTime: 2147483647
pwdLastSet: 1018479812
rid: 544
homeDirectory: /home/admin
pwdCanChange: 0
pwdMustChange: 2147483647
ntPassword: {KERBEROS}[EMAIL PROTECTED]
---snipp---
You see, i just tried to change the hashs for
ntPassword/lmPassword
into the kerberized schema. I made two new principals
for the Win-pw-hashs that shall hold
the passwords in future.
This didn't work, although i used the original
hashs as password.
I think i made a mistake doing it this way,
does anybody have any suggestions how to do it ?
I will work on it , because i wanna have a solution
for my network, which should be a single-signon for
Win/LINUX-users using KERBEROS.
It would be fine if someone had time for an answer
which gives me hints how to work on.
Greetings from germany
Harry
PS: I used LDAPv3-HOWTO.html from Turbo Fredrikson
( http://www.bayour.com ) as guide how to work
with LDAP/KERBEROS/SASL.
I just can recommend it to everyone.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
