I don't think I have the skill set to write something, but I'm willing
to poke around with the OpenLDAP samba module and look at the pyldap
plugin (where is it at?).
Richard Megginson wrote:
Yes. We
need a plug-in that will take updates to userPassword and update
sambaNTPassword (and vice versa) and possibly other related things like
the sambaLMPassword.
Any volunteers? Mark McLoughlin posted some pyldap code that does
this, and I believe OpenLDAP has a samba module/overlay that does this.
Roger Spencer wrote:
Craig White wrote:
<..snip..>
----
I am unclear how you are doing authentication by Windows users to the
network in a normal login...via AD?
anyway, my inclination is to setup Fedora-DS to use samba schema
http://directory.fedora.redhat.com/wiki/Howto:Samba
as that would give you a sambaNTPassword attribute which is normally
the
hashed password as expected but how that relates to question
#2...updating the hash when the user changes their password...I suppose
that would depend upon the chain of events that occur where/when the
user changes their password...how is this information going to be sent
to fedora-ds?
Craig
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
When I arrived on the scene, network authentication for windows clients
consisted of setting a local user id and password on a PC and setting
the same user id and password on a stand-alone samba server. Of
course, users had different ids for email, vpn, shared-keys for
wireless, etc. and passwords never changed (there was a partial NIS
setup going, so all was not bleak).
What I'm doing is consolidating it all into FDS with the benifit of a
password policy. The samba schema worked great and also gets samba
using FDS for authentication. But this leaves one question: what to
do about having two sets of passwords in FDS?
With samba running as an NT domain controller, and having PCs join the
domain, samba should take care of keeping the sambantpassord correct
when a Windows user changes their password. But what of the
userpassord attribute? What happens when that same user does an ssh
session into a Linux server, which if I understand correctly, will use
the userpassword attribute for authentication?
Is there a way to keep the two password attributes in sync? I'm not
sure if it's possible to have all devices needing to do authentication
to use the NT style.
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
|
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
