I already have LDAP setup fro other purposes and I'm using {MD5}
passwords in ou=people,dc=mycompany,dc=com
What are the correct settings in smb.conf?
is is possible to use stored md5 passwords?
Thanks in advance
SAMBA has to authenticate clients using the information that Windows provides. And windows only knows how to provide Windows-specific LM and NT hashes. This is not a problem since SAMBA stores these hashes in LDAP and never uses the actual LDAP password. If you want anything else to authenticate against LDAP password, you must tell SAMBA to update it as well by setting "ldap password sync = yes" (but remember, SAMBA never reads it). Of course some ACLs must be in place on LDAP server, like these:
access to dn.base=""
by users read
by * noneaccess to dn.base="cn=Subschema"
by users read
by * none
access to attrs=userPassword,sambaLMPassword,sambaNTPassword by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write by anonymous auth by self write by * none
access to [EMAIL PROTECTED],@posixGroup,ou,entry
by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write
by * readaccess to *
by group="cn=LdapAdmins,ou=Security,dc=dialog,dc=usu,dc=ru" write
by self read
by * none-- Alexander E. Patrakov
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
