Dear list,
I would like to know if the following statements are true, just to make sure that my understanding of passwords/ldap stuff is correct...
Vampireing passwords from an nt4 pdc only populates the ldap server with windows passwords, and not the (linux) userPassword. Authenticating linux logons against this ldap server is therefore only possible using winbind.
'Normal' ldap enabled software can NOT authenticate against this ldap, because they expect a userPassword, and by simply vampireing this password is left blank.
The "ldap passwd sync = yes" smb.conf option makes sure that when updating the 'windows' password (via idealx scripts, for example) the (linux) userPassword get's updated as well.
So: suppose I migrate our domain to samba, and on the first samba day, I set all accounts to 'required to change password upon first login' I would end up having new passwords for everybody, both for windows and linux. And all normal ldap enabled software would then be able to use that ldap directory to authenticate to.
Are these assumptions correct? Thanks very much for feedback.
Yours, Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
