On Thu, 2009-03-26 at 22:35 -0400, jeff sacksteder wrote:
> I'm trying to create a single sign on configuration for a home
> fileserver, storing user accounts in the directory and using those
> credentials to authenticate Linux shell logins, server applications
> and PDC logins.

Not single sign on (that is Kerberos), but unified (one) login.

> It appears that the uid and SID are the only mandatory attributes, but
> I also see attributes for storing the passwd or pw hash. Is the passwd
> to be stored in the LDAP record twice - once as a posix pw and once as
> a domain pw?

No, three times. Your "UNIX" password crypt in userpassword and twice for cifs: once as an NT hash (MD5?) and once as a LANMAN hash. It works out fine - just change your passwords via Samba or use the standard change-password extended operation [LDAP] with the smbk5 module and they will all be updated simultaneously.

> Can't Samba just use the existing pw attribute?

No.

> If I attempt to auth, check_ntlm_password returns
> NT_STATUS_WRONG_PASSWORD. Could that also result from not being able
> to find the appropriate pw attribute?

Yep.

-- 
OpenGroupware developer: awill...@whitemice.org
<http://whitemiceconsulting.blogspot.com/>
OpenGroupware & Cyrus IMAPd documentation @
<http://docs.opengroupware.org/Members/whitemice/wmogag/file_view>
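
The check below is an added example, not part of the original message: it reads an LDIF export and reports accounts that lack any of the three password attributes described in the reply, the situation in which the poster sees NT_STATUS_WRONG_PASSWORD. The attribute names sambaSID, sambaNTPassword and sambaLMPassword are assumed from the stock samba.schema, and the sample entries and hash values are constructed.

```python
import base64
import re

# Attribute names assumed from the stock samba.schema and RFC 2307; the thread
# itself names only "userpassword", the NT hash and the LANMAN hash.
REQUIRED = ("uid", "sambaSID", "userPassword", "sambaNTPassword", "sambaLMPassword")
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")  # both Samba hashes are stored as 32 hex digits

# Constructed sample data: the hash values are placeholders, not real hashes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaSID: S-1-5-21-1-2-3-1001
userPassword:: e0NSWVBUfXg=
sambaNTPassword: 0123456789ABCDEF
 0123456789ABCDEF
sambaLMPassword: FEDCBA9876543210FEDCBA9876543210

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
userPassword: {CRYPT}x
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(entry):
    """List what would stop this account from working for both UNIX and Samba logins."""
    problems = [f"missing {a}" for a in REQUIRED if a.lower() not in entry]
    for attr in ("sambaNTPassword", "sambaLMPassword"):
        for value in entry.get(attr.lower(), []):
            if not HEX32.fullmatch(value):
                problems.append(f"malformed {attr}")
    return problems

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(e["dn"][0], "->", audit(e) or "ok")
```

If LANMAN hashes are deliberately not stored on your server, drop sambaLMPassword from REQUIRED before running the audit.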