
Re: Getting OpenLDAP to auth users against sambaNTPassword

On Fri, 2003-06-20 at 06:08, Roger Sen Montero wrote:
>  Sorry if I'm late regarding this thread but I'm a lurker.
> Recently a customer asked for synchronizing NT SAM data (accounts and
> passwords) and an OpenLDAP server. Password sync must be on-line, but
> accounts can be done in batch mode (on-line is desirable, but not a must).

It sounds like you want to discuss Samba's 'vampire' features over on
the samba lists.

>  We have different solutions for password sync and the 'standard one'
> seems to be:
>    CYRUS SASL V 2.1.7
>    BerkeleyDB 4.0
>    pam_winbind (included in the SAMBA package)
>    OpenLDAP 2.1.x
>  as stated in:
> http://www.enic.fr/people/landru/lobster/openldap/OpenLDAP-authenticating-with-PAM.txt
>  but as someone said here 'it must be easier than this'. Is it possible
> with the 2.2 SLAPI plug-in architecture to get the data from the NT domain
> in the same way pam_winbind does (coding PAM in the plugin or moving the
> code from the pam_winbind to the SLAPI plugin)?

Moving code from pam_winbind into anything else has *bad idea* written
all over it.  The winbind pipe protocol is a samba-internal protocol,
and we do change it at will.  I produced a utility (ntlm_auth) to
specifically get squid out of this mess (which I got them into :-).

>  Can I hook change password operations to do the same change password
> operation in the NT domain?
>  Suppose I need it now, and 2.2 is still not 'production code'. What can I
> do with 2.1?
>  Is it possible to stack backends in 2.1? Another possibility is coding a
> back-passwd-winnt to filter the password-related operations and let the
> rest pass through to the main backend.
>  Regards,
> rogersm.

Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
