[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Samba to Kerberos via OpenLDAP

Wes Modes <wmodes@ucsc.edu> writes:

> Thanks for all  your advice so far.
> First, I'll just say this is a question principally about the arcane mysteries
> of Samba to OpenLDAP authentication. 
> I've had Samba to OpenLDAP authentication running for a while now using the
> samba.schema and the ldapsam module.  Now I'd like to understand a bit more
> about how that works in order to take it a step further and get openLDAP to
> bind against a Kerberos database via SASL.
> An aside;  Yes, I'd heard that Samba can be configured to authenticate against
> Kerberos directly, but for my own reasons, I'd prefer that Samba talk only to
> OpenLDAP, and OpenLDAP can do the authentication.  I'll fall back on the Samba
> to Kerberos direct route if I can't find a way to do what I want.
> I've noted that the Samba schema and smbldap-tools add to the user record two
> Samba specific password fields,  sambaNTPassword and sambaLMPassword. 
> If I have the ldapsam module specified as the passdb backend in smb.conf, is
> OpenLDAP merely storing the samba passwords while Samba does the password
> comparisons?  Or does OpenLDAP do the authentication and return a yes or no?
> Is it possible to have Samba defer authentication to OpenLDAP?  If so, I can
> have OpenLDAP use the {SASL} method to do authentication via kerberos.

This is a Samba topic, not an OpenLDAP topic. 
Samba only can join a Windows Server KDC.


Dieter Klünter | Systemberatung