On 2012-11-30 9:22 am, Gaiseric Vandal wrote:
Can you clarify one thing - why are you using the sambaNTPassword in
openldap if openldap is not currently used samba authentication? I
would have thought that you would use the standard password field.
We are using the standard userPassword field for most things, but for
radius authentication via PEAP/MSCHAPv2, we needed to use
sambaNTPassword instead.
I use Samba 3.x DC's with an ldap back end. I also use the ldap
backend for unix authentication as well as authentication to various
other systems that support LDAP authentication. If you are
using
one or more BDC's you really do have to use an LDAP back end. But
there is no reason why member server's can use an LDAP backend.
If the underlying unix account for each samba account is in
/etc/passwd and not LDAP, you should consolidate it all into LDAP.
We currently don't want to deploy a PDC or BDC if we don't need to. All
we want to do is have a file server that can authenticate using the
username/password stored in openldap.
Do the sambaNTPassword (and other samba attributes) in LDAP match
those in the tdb backend? You may find you want to blast away the
existing sambaNTPassword entries in LDAP before you migrate the TDB
data to LDAP.
No, our current Samba file server has a totally separate set of
passwords. When we transition over to this new Samba file server, we
will be having all our users use their openldap password instead. We do
not want to sync their existing tdb passwords over to LDAP.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
