fedora-directory-users-request@xxxxxxxxxx wrote:
From: Mark McLoughlin <markmc@xxxxxxxxxx>
Subject: Re: Samba & Fedora Directory Server
Integration
Yeah, it sucks.
One of the main issues is that for SMB authentication each user's
password needs to be stored in LM and NT formats in the sambaNTPassword
and sambaLMPassword attributes. So, when the user set its password, some
code needs to have access to the plaintext password and translate it
into LM and NT format. The easiest way is to use smbpassword, but you
could use your own code to set the password in all formats at once ....
or, I'm sure you could right a fedora-ds plugin which would save the
password in those formats whenever it is set.
But it doesn't end there. Even just for SMB authentication, there are
other attributes which smbpasswd manages and there's a lot of voodoo
involved.
To give you idea of the kind of stuff you need to do in order to not
use smbpasswd, see the code below. I wish I could explain the code in
detail, but I've forgotten a lot of the details.
Sure it's tedious, but it's not so bad. The OpenLDAP smbk5pwd module
that I wrote handles it easily enough, and I've written a SLAPI plugin
(written for SunONE, probably works fine on Fedora-DS but untested as
yet) that does pretty much the same.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
