I would like to clarify the context. Everything is inside my University's 10.X.X.X intranet, and the OpenFiler (Samba / Proftpd) server must act as a file server for many users (about 100) out of about 1000 total.
Authentication (with user password) is on the University LDAP server. If I create a local LDAP, I must then provide synchronization (account / password) with the University LDAP server, which I cannot manage/access/retrieve (I have an anonymous bind only). After testing (for security), I use TLS to talk to the University LDAP. My problem is that I cannot make Samba work with LDAP authentication without administration

Alberto

---------- Original Message -----------
From: "Richard Foltyn" <[EMAIL PROTECTED]>
To: [email protected]
Sent: Wed, 10 Sep 2008 08:41:19 +0200
Subject: Re: [Samba] Failed to retrieve password from secrets.tdb with anonymous bind

> Why don't you just *create* a dedicated samba DN in LDAP which Samba
> can use? This is a much more secure setup than granting read or even
> write access to passwords to unauthenticated external connections.
>
> The official smbldap-tools HOWTO even suggests how to do this:
>
> 1) Create an LDAP entry which might look like this:
>
> dn: cn=samba,ou=DSA,dc=IDEALX,dc=ORG
> objectClass: organizationalRole
> objectClass: top
> objectClass: simpleSecurityObject
> userPassword: sambasecretpwd
> cn: samba
>
> 2) Set the password:
> ldappasswd -x -h localhost -D "cn=Manager,dc=IDEALX,dc=ORG" -s sambasecretpwd \
>     -W cn=samba,ou=DSA,dc=IDEALX,dc=ORG
>
> 3) Set your ldap admin dn in smb.conf
>
> 4) Set the samba password with smbpasswd
>
> Done.
>
> (See the HOWTO for details:
> http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/ )
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
------- End of Original Message -------
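
Steps 3 and 4 of the quoted procedure, written out as an added example that is not part of the original thread or of the HOWTO. The DN and suffix are the ones quoted above; the host name ldap.example.org is a placeholder, and StartTLS is enabled on the assumption that the directory server supports it.

```ini
# Constructed smb.conf fragment. smb.conf has no trailing comments:
# every comment must sit on its own line.
[global]
    # Keep Samba account data in LDAP (placeholder host name).
    passdb backend = ldapsam:ldap://ldap.example.org
    ldap suffix = dc=IDEALX,dc=ORG

    # Step 3: Samba binds as this dedicated DN instead of anonymously,
    # so directory ACLs can grant password-attribute access to this
    # one entry only.
    ldap admin dn = cn=samba,ou=DSA,dc=IDEALX,dc=ORG

    # Upgrade the LDAP connection with StartTLS before the bind, so the
    # bind password and password attributes do not cross the intranet
    # in clear text.
    ldap ssl = start tls

# Step 4, run once as root on the Samba host. It stores the password for
# "ldap admin dn" in secrets.tdb, which is where smbd looks it up when
# it binds to the directory.
#   smbpasswd -w sambasecretpwd
```

The password given to smbpasswd -w must match the userPassword set on the cn=samba entry in step 2.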
