Marc Petitmermet wrote:
In your situation, you can't modify the users' entries in LDAP to add the samba information either I would guess.
correct.
For this type of a situation, use either the password file (is the option smbpasswd?) or tdbsam. You don't need to specify that ldap is involved at all.
no. i want the users authenticate against the central ldap and not a local database/file. i don't want to maintain the username and passwords myself; this information is already available in the ldap and many other systems/programs rely on these informations in the ldap (almost single-sign-on). why do this twice?
If you can't add the proper object classes (sambaSamAccount) to the LDAP datastore then you're going to have to duplicate the information someplace. Samba doesn't authenticate against the UNIX passwd mechanism since Windows sends non-reversable password hashes there is no way to figure out that when it sends 1C67D5538C78A1C1687C7CE8C065684B it is really the same as the vQIuje1XDmK/ that is in the UNIX passwd database.
I guess you could turn off encrypted passwords if you really wanted to, but thats not really a good fix.
regards, marc
-- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto:[EMAIL PROTECTED]
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
