On Fri, 2005-01-07 at 23:01 -0500, Franciszek Michal Misa wrote: > Hi All, > > Hope someone here can help me ? > > *See end for background and system information... > > > I'm looking for advice or links to clear documentation on the use and > configuration of "net vampire" and it's ability to download PDC accounts > with passwords intact. > > I have successfully used "net vampire" to synchronize my Samba BDC -- > with my companies PDC. I've switched my linux box authentication -- > using "authconfig" -- to authenticate against LDAP. > > Seems to be working for all but accounts "net vampired" over.....
The one thing that the 'vampire' process will not do is return the plaintext password. This means that Samba cannot set the 'ldap password'. Your options are to use pam_winbind on your local machine, and authenticate local users against Samba, which then works against the NT and LM passwords we do have, or to use the Heimdal Krb5 snapshot described in https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap and pam_krb5. Or you can try and have pam_ldap -> OpenLDAP -> SASL PLAIN -> PAM -> pam_winbindd -> winbindd -> OpenLDAP... Yes, I know this sucks, and I've tried to have discussions with the OpenLDAP folks about how we could have OpenLDAP authenticate against these passwords in a sensible way, and the infrastructure was simply not up to it. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
