[Samba] Samba+LDAP: Minimal permissions for sambaLMPassword/sambaNTPassword attributes?

2012-07-31 Thread Arokux B.
Hi,

what are the minimum permissions for the attributes
sambaLMPassword/sambaNTPassword for the LDAP administrator account
so that Samba is just enabled to use it for authentication with
ldapsam backend.

It seems like auth is not enough, is this true?!

Thanks,

Arokux
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba+LDAP: Minimal permissions for sambaLMPassword/sambaNTPassword attributes?

2012-07-31 Thread Dave Ewart
On Tuesday, 31.07.2012 at 12:11 +0200, Arokux B. wrote:

> what are the minimum permissions for the attributes
> sambaLMPassword/sambaNTPassword for the LDAP administrator account
> so that Samba is just enabled to use it for authentication with
> ldapsam backend.
>
> It seems like auth is not enough, is this true?!

Unlike a direct LDAP bind for a user when one can be sufficient with
just detecting a successful bind, Samba needs to be able to compare the
stored sambaLMPassword/sambaNTPassword hashes with the hash provided by
the client.  That requires 'read' access at a minimum.  (For password
changes via this avenue, I believe you'd need 'write', although I'm less
certain about that: might depend on the password change mechanism being
used.)

Dave.

-- 
Dave Ewart
da...@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
University of Oxford / Cancer Research UK
N 51.7516, W 1.2152
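
The access levels discussed in this thread, written out as an added example that is not part of the original messages. It assumes the directory is OpenLDAP configured through slapd.conf-style ACLs, and the bind DN `cn=samba,dc=example,dc=com` is a hypothetical name for the account Samba uses with ldapsam.

```conf
# Added example; assumes OpenLDAP slapd.conf ACL syntax.
# cn=samba,dc=example,dc=com is a hypothetical DN for Samba's LDAP account.

# Insufficient for ldapsam: 'auth' only lets slapd use a value while
# processing a bind. It does not return the attribute in search results,
# so Samba cannot fetch the hash to compare it with the client's.
#access to attrs=sambaLMPassword,sambaNTPassword
#    by dn.exact="cn=samba,dc=example,dc=com" auth
#    by * none

# Minimum for authentication: 'read' for Samba's account only.
# 'by * none' keeps every other identity away from the hashes, which
# are password-equivalent for NTLM and should not be readable by users.
access to attrs=sambaLMPassword,sambaNTPassword
    by dn.exact="cn=samba,dc=example,dc=com" read
    by * none

# If password changes must go through the same account, the reply above
# suggests 'write' may be needed; in that case use 'write' instead of
# 'read' in the rule above ('write' includes 'read').
```

slapd applies the first `access to` directive that matches an attribute, so this rule has to appear before any broader rule such as `access to *`.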

