On Tuesday, 31.07.2012 at 12:11 +0200, Arokux B. wrote:

> what are the minimum permissions for the attributes
> sambaLMPassword/sambaNTPassword for the LDAP administrator account
> so that Samba is just enabled to use it for authentication with
> ldapsam backend.
>
> It seems like auth is not enough, is this true?!

Unlike a direct LDAP bind for a user when one can be sufficient with just detecting a successful bind, Samba needs to be able to compare the stored sambaLMPassword/sambaNTPassword hashes with the hash provided by the client. That requires 'read' access at a minimum.

(For password changes via this avenue, I believe you'd need 'write', although I'm less certain about that: might depend on the password change mechanism being used.)

Dave.

--
Dave Ewart
da...@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
University of Oxford / Cancer Research UK
N 51.7516, W 1.2152
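
The difference between 'auth' and 'read' discussed in the reply above, shown as an added example that is not part of the original thread. It assumes an OpenLDAP server configured through slapd.conf; the DN cn=samba,ou=services,dc=example,dc=com is a constructed placeholder for the account Samba binds with.

```conf
# slapd.conf fragment, OpenLDAP ACL syntax.
# All DNs below are constructed placeholders, not values from the thread.
#
# ACLs are evaluated top to bottom and the first matching "access to"
# clause wins, so this rule must appear before any broader rule such as
# "access to *".

# Not sufficient for ldapsam: "auth" only lets slapd itself use a value
# while processing a bind. The bound identity cannot retrieve the
# attribute, so Samba never sees the stored hashes it has to compare
# against the client's response.
#
#access to attrs=sambaLMPassword,sambaNTPassword
#    by dn.exact="cn=samba,ou=services,dc=example,dc=com" auth
#    by * none

# Minimum for authentication: the Samba bind account may read the
# hashes; every other identity, including anonymous, gets nothing.
# The hashes are password-equivalent, so keep the final "by * none".
access to attrs=sambaLMPassword,sambaNTPassword
    by dn.exact="cn=samba,ou=services,dc=example,dc=com" read
    by * none

# Variant if Samba must also store new hashes on password change
# (the reply is unsure whether this is always required; it may depend
# on the password change mechanism). "write" implies "read".
#
#access to attrs=sambaLMPassword,sambaNTPassword
#    by dn.exact="cn=samba,ou=services,dc=example,dc=com" write
#    by * none
```

Only one of the three clauses should be active at a time, since a second "access to" clause for the same attributes would never be reached.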