[Date Prev][Date Next] [Chronological] [Thread] [Top]

Getting OpenLDAP to auth users against sambaNTPassword



(resending, now I'm subscribed to OpenLDAP-devel...)

As an OpenLDAP user, and Samba developer, I'm hoping we can come to some
solution to this problem:

Samba users are forced to keep two different passwords in their
directory, when just one would do.  OpenLDAP is not doing
challenge-response authentication, and does not need the plaintext
password (for simple and PLAIN binds, at least).

I note with interest that there is a {LANMAN} password type available
for the userPassword attribute, but this does not quite meet the
requirements - for one thing it is case *INSENSITIVE*, which makes the
whole thing much weaker.  Secondly, it's on the wrong attribute...  

(Samba does not update this attribute, only it's own attributes).

Would it be possible to resolve this situation, for all our admins
sanity?  

I would propose (for want a better solution) a value of
{NTPASSWORD}sambaNTpassword to tell OpenLDAP to look at Samba's
attribute for the user's password.

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

Attachment: signature.asc
Description: This is a digitally signed message part