[Date Prev][Date Next]
Re: Questions about Active Directory Password Cache overlay
On Friday 04 April 2008 22:57:49 Wes Modes wrote:
> Thanks to Buchan Milne, I'm looking into the Active Directory Password
> Cache overlay for OpenLDAP, which seems to offer more or less what I'm
> trying to do. Is anyone here experienced with it? Is this the right
> place to ask or is there an openLDAP overlays list?
> I understand this description of ADPC:
> It is clear to me that after a password change, that a failure to
... with a simple bind ...
> initiates a new auth attempt against the KDC, and if it
> succeeds, ADPC caches the passwd as a hash in OpenLDAP. But if Samba
> fails to authenticate against the hash stored in sambaNTPassword, is a
> new authentication attempt made against the KDC? And if it does, where
> does it get the passwd to hash (since Samba never gets the passwd in
> NTLM authentication)?
> Practically speaking, it seems that the password that the overlay hashes
> has to come from a source other than Samba. A web app?
That's one way.
> How have people
> used it in the past?
Some people use LDAP for things besides samba (in my case, samba is about 5%
of my LDAP traffic for internal user accounts, which is about 1% of my total
LDAP traffic ...).