is synchronizing with sasl so if I can get samba
> and my windows clients to authenticate using sasl, then I don't need to keep
> password hashes in ldap.
>
> Is this possible?
>
> Thanks.
>
>
> On 6/6/05 6:13 PM, "Ti Leggett" <[EMAIL PROTECTED]>
.pl that also update
> >the KERBEROS password.
> >
> >Linux users just have to use :
> >smbpasswd -r PDC_SERVER
> >That command update SAMBA password and again it called
> >/krb5_update_pwd.pl to sync the kerberos password
> >
> >I know there are some s
that about right?
On Mon, 2005-05-30 at 21:05 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Ti Leggett wrote:
>
> > So, here's my new question (I'm full of em): Are LDAP actions
> > done as the Samab ldap admin dn or th
ed beautifully.
So, here's my new question (I'm full of em): Are LDAP actions done as
the Samab ldap admin dn or the user doing the action? It appears the
latter is the case.
On Mon, 2005-05-09 at 10:29 -0500, Ti Leggett wrote:
> Unfortunately this still doesn't work. As a not
The with Kerberos option is only to allow samba to authenticate to a
Microsoft Active Directory Kerberos server. You basically have two
options: keep using smbpasswd files or store the passwords in an LDAP
directory. It seems the recommended method by the Samba team is to use
LDAP. However, you can
Unfortunately this still doesn't work. As a note, I thought about this
and had added the root account to the Domain Admins group.
On Fri, 2005-05-06 at 17:30 -0400, Josh Kelley wrote:
> Try doing the "net rpc rights" as a
>
> Ti Leggett wrote:
>
> >However t
No problem, now let's just hope I'm right in my explanation ;)
On Thu, 2005-05-05 at 12:11 +0200, José M. Fandiño wrote:
> Ti Leggett wrote:
> >
> > The kerberos libraries are linked in for kerberos authentication to a MS
> > AD server not for other third party ke
On Wed, 2005-05-04 at 19:17 +0200, José M. Fandiño wrote:
> Ti Leggett wrote:
> >
> > That may be true, but there is another win in this type of environment.
> > Separation of your authentication database from your identity management
> > database. Regardless of h
The kerberos libraries are linked in for kerberos authentication to a MS
AD server not for other third party kerberos databases.
On Wed, 2005-05-04 at 19:45 +0200, José M. Fandiño wrote:
> "José M. Fandiño" wrote:
> >
> > Ti Leggett wrote:
> > >
> > >
KDC then at least it's not easy to gain those passwords. If you
keep your passwords in LDAP, then you need to be very careful about who
has access to them.
On Wed, 2005-05-04 at 13:26 +0200, José M. Fandiño wrote:
> Hello Ti,
>
> Ti Leggett wrote:
> >
> > There are two
So I'm still doing something wrong. I now have a root sambaSamAccount in
my directory with the PrimaryGroupSID of the Domain Admins SID. The ldap
admin dn can write to the directory. From my PDC I can do the following
successfully:
net -S localhost rpc join (Success)
smbpasswd -a -w pdc (Success a
There are two main benefits to Kerberos authentication. The first is
that in a true Kerberos environment, no password is never sent across
the wire. The second, is that you get the holy grail of single sign on.
Your LDAP PDC should be able to make use of Kerberos though not in the
true sense. Ther
hings?
I just removed the Kerberos information from my Windows client and tried
only using, as far as I can tell, the LDAP information and the client
still comes back saying the user name is unknown.
On Sat, 2005-04-23 at 08:07 -0500, Ti Leggett wrote:
> Ok, so I'm just trying to figure o
t Kerberos and LDAP.
I'm curios how Apple does what seems to be just this with their
OpenDirectory, which is only MIT Kerberos, OpenLDAP, Cyrus SASL, and
Samba 3.0 (at least they claim it's only this).
On Fri, 2005-04-22 at 18:52 -0500, Franco "Sensei" wrote:
> Ti Leggett wrote:
bjectClass: sambaGroupMapping
cn: Domain Guests
gidNumber: 1013
sambaGroupType: 2
description: Windows Domain Guests
sambaSID: S-1-5-21-2230234512-1629394365-1821015051-514
dn: uid=leggett,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass:
15 matches
Mail list logo