Re: [Samba] exported LDAP DB > file > smbpasswd?
I would also like to add that since Samba and in effect Windows does not behave like Nix with regards to who you are and what you are trying to do, looks like I will have to integrate PDC functionality into my LDAP server :( Man, this easily quadruples my over all LDAP database, gross. But at least SSO will work. Am I on the right track? - aurf On May 25, 2012, at 9:44 AM, Gaiseric Vandal wrote: > pbdedit will export the "Windows" password from the "SambaNTPassword" > field (won't it?) > > My understanding was the pGina was using the unix password in the > "userPassword" field? Or am I wrong? > > > > > On 05/25/12 09:36, aurfalien wrote: >> Now thats brilliant, elegant and simple. >> >> Thanks Collen, looking forward to trying it. >> >> - aurf >> On May 25, 2012, at 2:31 AM, Collen wrote: >> >>> Hi, >>> >>> why not export with pdbedit and then import it again ?! >>> no converting needed... (except for smb.conf that is.) >>> >>> cheers. >>> >>> On 25-5-2012 0:01, Gaiseric Vandal wrote: >>>> Just what is in the documentation on samba.org. >>>> >>>> Anything involving plain-text authentication seems to be discouraged. >>>> >>>> >>>> >>>> On 05/24/12 17:56, aurfalien wrote: >>>>>> On 05/24/12 16:25, aurfalien wrote: >>>>>>> Hi all, >>>>>>> >>>>>>> I am using OpenLDAP and over have ~800 users in its DB. >>>>>>> >>>>>>> I would like to simply use Samba as a file server, no PDC. >>>>>>> >>>>>>> I have been able to export my LDAP DB to a file containing hashes of >>>>>>> users passwords. >>>>>>> >>>>>>> Is there a way I can import this file to smbpasswd or other file that >>>>>>> Samba understands so that my 800 some odd users won't have to re >>>>>>> register there passwords? >>>>>>> >>>>>>> I would really love to avoid having 800 annoyed users retyping there >>>>>>> passwords for accessing shares. >>>>>>> >>>>>>> I have them currently authenticating on Windows via an LDAP client >>>>>>> (pGina). >>>>>>> >>>>>>> - aurf >>>>>> -- >>>>>> To unsubscribe from this list go to the following URL and read the >>>>>> instructions: https://lists.samba.org/mailman/options/samba >>> -- >>> --- >>> Collen Blijenberg - systeem/netwerk beheerder >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] exported LDAP DB > file > smbpasswd?
I am using pGina for authing, correct. But when I map drive shares, I'll need some kind of authing mechanism. My desire was this; Since I already auth the user during there pGina login to Windows, I did not want to auth again for drive mapping to a Samba server. But... since this SSO doesn't carry through to Samba as the Samba file server does not know who this person is requesting a drive map, they will need to input credentials. What I would really LOVE is this; Since authing has already been taking care of during log in, to be able to map a drive as that user w/o needing the input a password. This way whatever they touch on the server will maintain there UID/GID or UGO rather. This in effect will make Samba act as NFS in a way with regards to security (who are you and what are you allowed to do). - aurf On May 25, 2012, at 9:44 AM, Gaiseric Vandal wrote: > pbdedit will export the "Windows" password from the "SambaNTPassword" > field (won't it?) > > My understanding was the pGina was using the unix password in the > "userPassword" field? Or am I wrong? > > > > > On 05/25/12 09:36, aurfalien wrote: >> Now thats brilliant, elegant and simple. >> >> Thanks Collen, looking forward to trying it. >> >> - aurf >> On May 25, 2012, at 2:31 AM, Collen wrote: >> >>> Hi, >>> >>> why not export with pdbedit and then import it again ?! >>> no converting needed... (except for smb.conf that is.) >>> >>> cheers. >>> >>> On 25-5-2012 0:01, Gaiseric Vandal wrote: >>>> Just what is in the documentation on samba.org. >>>> >>>> Anything involving plain-text authentication seems to be discouraged. >>>> >>>> >>>> >>>> On 05/24/12 17:56, aurfalien wrote: >>>>>> On 05/24/12 16:25, aurfalien wrote: >>>>>>> Hi all, >>>>>>> >>>>>>> I am using OpenLDAP and over have ~800 users in its DB. >>>>>>> >>>>>>> I would like to simply use Samba as a file server, no PDC. >>>>>>> >>>>>>> I have been able to export my LDAP DB to a file containing hashes of >>>>>>> users passwords. >>>>>>> >>>>>>> Is there a way I can import this file to smbpasswd or other file that >>>>>>> Samba understands so that my 800 some odd users won't have to re >>>>>>> register there passwords? >>>>>>> >>>>>>> I would really love to avoid having 800 annoyed users retyping there >>>>>>> passwords for accessing shares. >>>>>>> >>>>>>> I have them currently authenticating on Windows via an LDAP client >>>>>>> (pGina). >>>>>>> >>>>>>> - aurf >>>>>> -- >>>>>> To unsubscribe from this list go to the following URL and read the >>>>>> instructions: https://lists.samba.org/mailman/options/samba >>> -- >>> --- >>> Collen Blijenberg - systeem/netwerk beheerder >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] exported LDAP DB > file > smbpasswd?
Now thats brilliant, elegant and simple. Thanks Collen, looking forward to trying it. - aurf On May 25, 2012, at 2:31 AM, Collen wrote: > Hi, > > why not export with pdbedit and then import it again ?! > no converting needed... (except for smb.conf that is.) > > cheers. > > On 25-5-2012 0:01, Gaiseric Vandal wrote: >> Just what is in the documentation on samba.org. >> >> Anything involving plain-text authentication seems to be discouraged. >> >> >> >> On 05/24/12 17:56, aurfalien wrote: >>>> >>>> On 05/24/12 16:25, aurfalien wrote: >>>>> Hi all, >>>>> >>>>> I am using OpenLDAP and over have ~800 users in its DB. >>>>> >>>>> I would like to simply use Samba as a file server, no PDC. >>>>> >>>>> I have been able to export my LDAP DB to a file containing hashes of >>>>> users passwords. >>>>> >>>>> Is there a way I can import this file to smbpasswd or other file that >>>>> Samba understands so that my 800 some odd users won't have to re register >>>>> there passwords? >>>>> >>>>> I would really love to avoid having 800 annoyed users retyping there >>>>> passwords for accessing shares. >>>>> >>>>> I have them currently authenticating on Windows via an LDAP client >>>>> (pGina). >>>>> >>>>> - aurf >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >> > > -- > --- > Collen Blijenberg - systeem/netwerk beheerder > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] exported LDAP DB > file > smbpasswd?
Hi Gaiseric, I tried w/o success in configuring Samba + PAM last night. Do you know now of any documentation that would help? - aurf On May 24, 2012, at 5:35 PM, Gaiseric Vandal wrote: > Presumably with the PGINA/LDAP solution, the has method is something > unix-compatible (e.g. unix crypt+md5, or SSHA) that is hard to break > with a password cracking program? Are the LDAP transmissions done in > the clear? If so, you could sniff the traffic and capture the > passwords. (You may not consider this ethical.) Either way, if you > had a database of plain text passwords you could then create the NTLM > passwords for each user. > > You could try configuring samba to use permit plain text passwords for > authentication. I think (but not sure) that could then configure samba > to use pam authentication (the same way a unix login would.) But you > would then need to configure all the Windows PC's to support plain text > passwords. > > > > > > > > > On 05/24/12 16:25, aurfalien wrote: >> Hi all, >> >> I am using OpenLDAP and over have ~800 users in its DB. >> >> I would like to simply use Samba as a file server, no PDC. >> >> I have been able to export my LDAP DB to a file containing hashes of users >> passwords. >> >> Is there a way I can import this file to smbpasswd or other file that Samba >> understands so that my 800 some odd users won't have to re register there >> passwords? >> >> I would really love to avoid having 800 annoyed users retyping there >> passwords for accessing shares. >> >> I have them currently authenticating on Windows via an LDAP client (pGina). >> >> - aurf > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] exported LDAP DB > file > smbpasswd?
Hi all, I am using OpenLDAP and over have ~800 users in its DB. I would like to simply use Samba as a file server, no PDC. I have been able to export my LDAP DB to a file containing hashes of users passwords. Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re register there passwords? I would really love to avoid having 800 annoyed users retyping there passwords for accessing shares. I have them currently authenticating on Windows via an LDAP client (pGina). - aurf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Some what breaking security model in Samba; LDAP + SMB shares
Hi all, Been a Samba user for some time now. I have a sort of odd request due to the nature of my env. I have been authing my XP/7 clients against OpenLDAP for years now and all is well (using pGina). I've even wrote a few scripts to tie in the SFU NFS client so that all is clean with regards to UGO of files/dirs. However because NFS just plain sux on M$, I wish to come back to Samba as its so darn fast. Is there any way I can simply map Samba shares as a user w/o a password to preserve UGO? This can't be a guest map as I really need owner ship/mask to follow the user login. I mean my users auth to login using my OpenLDAP server so I don;t feel the need to auth again for drive mapping. And I can't have any Samba fromage (thats good cheese by the way as I love cheese) in my LDAP DB. Thanks in advance, - aurf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Samba} Can't do roaming profiles (Solved)
Hi, I hope this isn't a sign of things to come when upgrading to Samba 3. Using 2.2.7, I simply omit; logon path where you have logon path = \\%L\profiles\%U Before I omitted the logon path flag, I also couldn't get roaming profiles to work. The default is what ever is defined in /etc/passwd to be your home dir location. Would you mind trying this with a clean 2K box and my omission to see if it works? I don't like doing custom client configs due to complexities in large scale client rollouts. Cloning is cool but isn't always applicable. -aurf - Do you Yahoo!? The New Yahoo! Shopping - with improved product search -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba