Hi I'm using Samba 4 to serve Linux and win 7 clients.
I'd like to use GSSAPI to bind to the Samba 4 LDAP to extract the attributes I've added for the Linux clients. nslcd advertises such support, but keeps telling me 'Unknown authentication method'. As a workaround I've done this:
I'm using nss-ldapd to map user attributes via nfs4 to the Linux clients. Works fine, but the binddn and bindpw have to be stored in /etc. nslcd runs as user nslcd and I have the permissions on /etc/nslcd.conf set to 0400 nslcd:nslcd. I've discovered that any user can do the bind, so it's not the Admin password that is needed.
Until I can get the kerberized bind working (probably never!), any comments about the security of this? Are there other processes where passwords have to be stored in a file?
Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
