Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-03-16 Thread Johan Johansson
There is a way to sync passwords. It's not perfect but it works if you can live with passwords stored as reversible encryption in samba4. 1. Allow clear text password by using samba-tools 2. Enable reversible encryption on each user (can be done with ms ad tool) 3. Make a query and use samba pytho

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-28 Thread Pekka L.J. Jalkanen
On 26.2.2013 23:34, Andrew Bartlett wrote: > On Tue, 2013-02-26 at 18:16 +0200, Pekka L.J. Jalkanen wrote: >> True, webservers can authenticate against AD in a similar fashion to >> other LDAPs. But that's not the whole story. >> >> The thing is that Samba 4 is designed from a ground up with AD in

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Andrew Bartlett
On Tue, 2013-02-26 at 18:16 +0200, Pekka L.J. Jalkanen wrote: > True, webservers can authenticate against AD in a similar fashion to > other LDAPs. But that's not the whole story. > > The thing is that Samba 4 is designed from a ground up with AD in mind, > and AD itself has been designed with wor

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Gregory Sloop
>> PLJJ> I know that if I were running a Windows AD, I could most likely >> PLJJ> accomplish what I want with--if nothing else--the 389 DS by using >> PLJJ> DS-provided Password Sync Service (see >> PLJJ> >> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administr

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Pekka L.J. Jalkanen
On 26.2.2013 17:16, Gregory Sloop wrote: > > > PLJJ> I know that if I were running a Windows AD, I could most likely > PLJJ> accomplish what I want with--if nothing else--the 389 DS by using > PLJJ> DS-provided Password Sync Service (see > PLJJ> > https://access.redhat.com/knowledge/docs/en-US/R

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Pekka L.J. Jalkanen
True, webservers can authenticate against AD in a similar fashion to other LDAPs. But that's not the whole story. The thing is that Samba 4 is designed from a ground up with AD in mind, and AD itself has been designed with workstation authentication and NT4 client compatibility in mind. All this a

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Gregory Sloop
PLJJ> I know that if I were running a Windows AD, I could most likely PLJJ> accomplish what I want with--if nothing else--the 389 DS by using PLJJ> DS-provided Password Sync Service (see PLJJ> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/W

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Daniel Müller
Apache can authenticate against samba4 ads the same way as if it were openldap. http://wiki.samba.org/index.php/Samba4/beyond Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen