[Date Prev][Date Next]
How can i integrate KERBEROS/LDAP for Windows password-hashs ?
i'm using LDAP/CYRUS-SASL/KERBEROS
for authentification of LINUX-users in my network
I now wanna use this for sambaAccounts too, so that
the Windows-users use kerberized authentification too.
I tried something like that (an example,anonymized ..) :
(My REALM here is XY.AB)
acctFlags: [UX ]
You see, i just tried to change the hashs for
into the kerberized schema. I made two new principals
for the Win-pw-hashs that shall hold
the passwords in future.
This didn't work, although i used the original
hashs as password.
I think i made a mistake doing it this way,
does anybody have any suggestions how to do it ?
I have also a problem to include kpasswd into a script,
as it isn't possible to automize the password inputs.
I tried to build a script,
here's an example for admin/lmpw@XY.AB :
./kpasswd admin/lmpw << EOF
You see, the original hash from Windows shall be the new
But it doesn't work, as the output of it shows :
486dx66:/usr/local/kerberos/bin # ./mk
Password for admin/lmpw:
./kpasswd: Inappropriate ioctl for device while reading
The program doesn't accept the way i wanna fill it with
from stdin, too bad.
I will work on it , because i wanna have a solution
for my network, which should be a single-signon for
Win/LINUX-users using KERBEROS.
It would be fine if someone had time for an answer
which gives me hints how to work on.
Greetings from germany
PS: I used LDAPv3-HOWTO.html from Turbo Fredrikson
( http://www.bayour.com ) as guide how to work
I just can recommend it to everyone.