Roger Spencer wrote: > I don't think I have the skill set to write something, but I'm willing > to poke around with the OpenLDAP samba module and look at the pyldap > plugin (where is it at?). Don't worry about it then. We'll have to get a C coder to take a look at it. > > Richard Megginson wrote: > >> Yes. We need a plug-in that will take updates to userPassword and >> update sambaNTPassword (and vice versa) and possibly other related >> things like the sambaLMPassword. >> >> Any volunteers? Mark McLoughlin posted some pyldap code that does >> this, and I believe OpenLDAP has a samba module/overlay that does this. >> >> Roger Spencer wrote: >> >>> >>> Craig White wrote: >>> >>>>> <..snip..> >>>>> >>>> >>>> ---- >>>> I am unclear how you are doing authentication by Windows users to the >>>> network in a normal login...via AD? >>>> >>>> anyway, my inclination is to setup Fedora-DS to use samba schema >>>> >>>> http://directory.fedora.redhat.com/wiki/Howto:Samba >>>> >>>> as that would give you a sambaNTPassword attribute which is >>>> normally the >>>> hashed password as expected but how that relates to question >>>> #2...updating the hash when the user changes their password...I >>>> suppose >>>> that would depend upon the chain of events that occur where/when the >>>> user changes their password...how is this information going to be sent >>>> to fedora-ds? >>>> >>>> Craig >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>> >>> When I arrived on the scene, network authentication for windows >>> clients consisted of setting a local user id and password on a PC >>> and setting the same user id and password on a stand-alone samba >>> server. Of course, users had different ids for email, vpn, >>> shared-keys for wireless, etc. and passwords never changed (there >>> was a partial NIS setup going, so all was not bleak). >>> >>> What I'm doing is consolidating it all into FDS with the benifit of >>> a password policy. The samba schema worked great and also gets >>> samba using FDS for authentication. But this leaves one question: >>> what to do about having two sets of passwords in FDS? >>> >>> With samba running as an NT domain controller, and having PCs join >>> the domain, samba should take care of keeping the sambantpassord >>> correct when a Windows user changes their password. But what of the >>> userpassord attribute? What happens when that same user does an ssh >>> session into a Linux server, which if I understand correctly, will >>> use the userpassword attribute for authentication? >>> >>> Is there a way to keep the two password attributes in sync? I'm not >>> sure if it's possible to have all devices needing to do >>> authentication to use the NT style. >>> >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>------------------------------------------------------------------------ >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060119/b95bb927/attachment.bin
