On Monday, 16.04.2007 at 16:06 +0100, James Ray wrote: > I am trying to work out if the current setup is possible: I would like > to have Samba running to authenticate shares for /home directories > running under FC6. All of my users are posixAccount's in an LDAP > Directory. > > I would like to use this information to authenticate these shares but > without making any changes to the LDAP Directory itself (so including > no new objects or schema changes). > > Is there any way to do this? All my previous attempts have led to the > Samba server doing a search on objectClass=sambaSamAccount which I of > course would rather not have. Is it just possible to use the standard > password attribute for authentication? Does anyone have a sample setup > of such a situation?
I suspect this is not possible, for the following reason. Windows clients don't send the plain password across the network to the Samba server, they send a password hash (typically the NT password hash). This hash has to be compared with something in order to authenticate: the standard LDAP userPassword hash is a different hash and so cannot be used. And you don't have the plain password from the client in order to *create* a userPassword-style hash (MD5 or crypt or whatever) to compare against LDAP. There are two options: 1. Add the Samba schema - probably the best way; 2. Configure all your Windows clients to send plain passwords. This is almost certainly a really bad idea. Dave. -- Dave Ewart [EMAIL PROTECTED] Computing Manager, Cancer Epidemiology Unit Cancer Research UK / Oxford University PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc N 51.7518, W 1.2016
signature.asc
Description: Digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
