Hello,
I am trying to make Samba authenticate to DS. I used this guide http://port389.org/wiki/Howto:Samba, the Samba server is set up also to authenticate users via SSH/console following this guide http://www.couyon.net/1/post/2012/4/enabling-ldap-usergroup-support-and-auth...
Things are working this way:
when I add a user to Samba (smbpasswd -a user), the LDAP scheme for the user is modified and there are several new attributes added. One of them is sambaNTPassword, which seems to be used for authentication. When I set it via phpldapadmin to '123', the user authenticates with this password, and not with the one used for SSH for example. Is there a way to 'force' samba to use the 'password' value instead of 'sambaNTPassword'? I don't want to tell the user that he must remember different password for accessing Samba.
Thanks in advance,
On 20.02.2013 г. 18:25 ч., Todor Petkov wrote:
Hello,
I am trying to make Samba authenticate to DS. I used this guide http://port389.org/wiki/Howto:Samba, the Samba server is set up also to authenticate users via SSH/console following this guide http://www.couyon.net/1/post/2012/4/enabling-ldap-usergroup-support-and-auth...
Things are working this way:
when I add a user to Samba (smbpasswd -a user), the LDAP scheme for the user is modified and there are several new attributes added. One of them is sambaNTPassword, which seems to be used for authentication. When I set it via phpldapadmin to '123', the user authenticates with this password, and not with the one used for SSH for example. Is there a way to 'force' samba to use the 'password' value instead of 'sambaNTPassword'? I don't want to tell the user that he must remember different password for accessing Samba.
No, since they are stored using different encryption methods.
However, you can: * authenticate SSH users against sambaNTPassword with winbind * set "ldap passwd sync = yes" in smb.conf so that samba will update userPassword whenever sambaNTPassword is changed (user does ctrl+alt+del, change password).
Best regards. Deyan
On 22/02/2013 05:14 PM, Deyan Stoykov wrote:
No, since they are stored using different encryption methods.
However, you can:
- authenticate SSH users against sambaNTPassword with winbind
- set "ldap passwd sync = yes" in smb.conf so that samba will update
userPassword whenever sambaNTPassword is changed (user does ctrl+alt+del, change password).
Best regards. Deyan
Well, I want the opposite;)
I want Samba to use the 'password' field from the user record in DS, not 'sambaNTPassword'.
Maybe I will try to make Samba4 work with DS as LDAP.
Todor,
Are the values the same? i.e. the password hash? If it is, I'd use a COS pointer, essentially pointing sambaNTPassword to Password.
http://directory.fedoraproject.org/wiki/Howto:ClassOfService
Dan
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Todor Petkov Sent: Wednesday, February 20, 2013 11:26 AM To: 389 Users Subject: [389-users] Samba authentication via DS/LDAP
Hello,
I am trying to make Samba authenticate to DS. I used this guide http://port389.org/wiki/Howto:Samba, the Samba server is set up also to authenticate users via SSH/console following this guide http://www.couyon.net/1/post/2012/4/enabling-ldap-usergroup-support-and-auth...
Things are working this way:
when I add a user to Samba (smbpasswd -a user), the LDAP scheme for the user is modified and there are several new attributes added. One of them is sambaNTPassword, which seems to be used for authentication. When I set it via phpldapadmin to '123', the user authenticates with this password, and not with the one used for SSH for example. Is there a way to 'force' samba to use the 'password' value instead of 'sambaNTPassword'? I don't want to tell the user that he must remember different password for accessing Samba.
Thanks in advance,
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 02/22/2013 06:46 PM, Dan Lavu wrote:
Todor,
Are the values the same? i.e. the password hash? If it is, I'd use a COS pointer, essentially pointing sambaNTPassword to Password.
It's not the same. 389 doesn't support the RC2 and "DES" required by samba.
http://directory.fedoraproject.org/wiki/Howto:ClassOfService
Dan
-----Original Message----- From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Todor Petkov Sent: Wednesday, February 20, 2013 11:26 AM To: 389 Users Subject: [389-users] Samba authentication via DS/LDAP
Hello,
I am trying to make Samba authenticate to DS. I used this guide http://port389.org/wiki/Howto:Samba, the Samba server is set up also to authenticate users via SSH/console following this guide http://www.couyon.net/1/post/2012/4/enabling-ldap-usergroup-support-and-auth...
Things are working this way:
when I add a user to Samba (smbpasswd -a user), the LDAP scheme for the user is modified and there are several new attributes added. One of them is sambaNTPassword, which seems to be used for authentication. When I set it via phpldapadmin to '123', the user authenticates with this password, and not with the one used for SSH for example. Is there a way to 'force' samba to use the 'password' value instead of 'sambaNTPassword'? I don't want to tell the user that he must remember different password for accessing Samba.
Thanks in advance,
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org
-
Dan Lavu -
Deyan Stoykov -
Rich Megginson -
Todor Petkov