Is there a way to prevent the unhashed#user#password attribute from being
stored or used at all? I don't need it to be replicated anywhere--I presume
that the hashed password will be enough to authenticate users.
After upgrading our samba due to security scan, we are having problems setting and changing samba passwords. Originally I believe we were using samba-3.0.33 but have upgraded to samba3-3.6.3-44.el5. Now I can successfully add new ldap user, but when I try to set samba password I get a constraint violation using the same password. I set the samba password through a script but basically does a smbpasswd -a during the script to add the samba account. Doesn't samba rely on the account complexity that is in 389?
We are using 389-ds-1.2.1-1.el5
Has anyone configured 389-server to hold the SSH public key for users, and use that key instead of an authorized_keys file on each host for each user? Google has shown me the patch for OpenSSH and a little bit of the corresponding customization for OpenLDAP. Has anyone tried it with 389-server?
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Failure is not an option. It comes bundled with the software.
We are trying to setup GSSAPI SASL authentication using Kerberos keytabs
between 389-ds 188.8.131.52 (on Fedora 15) and 184.108.40.206 (on Fedora 17).
However, we are getting an unspecified GSSAPI error. Are there
any known bugs / changes that could possible cause this to happen?