There is a way to sync passwords. It's not perfect but it works if you
can live with passwords stored as reversible encryption in samba4.
1. Allow clear text password by using samba-tools
2. Enable reversible encryption on each user (can be done with ms ad tool)
3. Make a query and use samba pytho
On 26.2.2013 23:34, Andrew Bartlett wrote:
> On Tue, 2013-02-26 at 18:16 +0200, Pekka L.J. Jalkanen wrote:
>> True, webservers can authenticate against AD in a similar fashion to
>> other LDAPs. But that's not the whole story.
>>
>> The thing is that Samba 4 is designed from a ground up with AD in
On Tue, 2013-02-26 at 18:16 +0200, Pekka L.J. Jalkanen wrote:
> True, webservers can authenticate against AD in a similar fashion to
> other LDAPs. But that's not the whole story.
>
> The thing is that Samba 4 is designed from a ground up with AD in mind,
> and AD itself has been designed with wor
>> PLJJ> I know that if I were running a Windows AD, I could most likely
>> PLJJ> accomplish what I want with--if nothing else--the 389 DS by using
>> PLJJ> DS-provided Password Sync Service (see
>> PLJJ>
>> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administr
On 26.2.2013 17:16, Gregory Sloop wrote:
>
>
> PLJJ> I know that if I were running a Windows AD, I could most likely
> PLJJ> accomplish what I want with--if nothing else--the 389 DS by using
> PLJJ> DS-provided Password Sync Service (see
> PLJJ>
> https://access.redhat.com/knowledge/docs/en-US/R
True, webservers can authenticate against AD in a similar fashion to
other LDAPs. But that's not the whole story.
The thing is that Samba 4 is designed from a ground up with AD in mind,
and AD itself has been designed with workstation authentication and NT4
client compatibility in mind. All this a
PLJJ> I know that if I were running a Windows AD, I could most likely
PLJJ> accomplish what I want with--if nothing else--the 389 DS by using
PLJJ> DS-provided Password Sync Service (see
PLJJ>
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/W
Apache can authenticate against samba4 ads the same way as if it were
openldap.
http://wiki.samba.org/index.php/Samba4/beyond
Good Luck
Daniel
---
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen