> >> otherwise you have to keep passwords in clear and somehow emulate (is > >> OpenLDAP capable of this ?) sambaNTPassword via cleartext userPassword > > Password syncronization is trivial. See "ldap password sync" to do it > > from the Samba side or the smbk5pwd overlay to extend the > hmm... > sounds very good. > by the way, does smbk5pwd work on ldap_modify request ?
No, only the password modify operation. > PHP/ldap doesn't have any ldap_passwd equivalence, so I change passwords > via mhash-->ldap_modify on userPassword field. I'm pretty certain I recall having invoked extended operations via PHP in the past. Look at the annotated online manual in the LDAP section, probably under ldap_options(?) [ it has been awhile since I've done any web development ]. > > password-modify exop on the LDAP side to always set all passwords. Or > > the third option is to use Kerberos for authentication of non-CIFS > > connections as the Hiemdal KDC can use the same LDAP SAM as Samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
