[Samba] LDAP with posix account (userPassword only)
I've set up Samba to use the LDAP passdb backend and it works fine.
LDAP has sambaNTPassword and more Samba entities. But I wonder if I can make Samba work with userPassword only. I think somebody is doing it and I looked at their config but couldn't find anything special. Thanks.

[global]
workgroup = NT
netbios name = SAMBASERVER
server string = NT Master
passdb backend = tdbsam
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins lmhosts bcast hosts
add user script = smbldap-useradd -m '%u'
delete user script = smbldap-userdel '%u'
add group script = smbldap-groupadd '%g'
delete group script = smbldap-groupdel '%g'
add user to group script = smbldap-groupmod -m '%u' '%g'
delete user from group script = smbldap-groupmod -x '%u' '%g'
set primary group script = smbldap-usermod -g '%g' '%u'
add machine script = smbldap-useradd -w '%u'
logon script = login.bat
logon path =
logon drive = X:
logon home =
os level = 65
wins support = Yes
ldap admin dn = cn=Manager,dc=my-domain,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = Yes
ldap suffix = dc=my-domain,dc=com
ldap ssl = no
ldap timeout = 20
ldap user suffix = ou=People
idmap backend = ldapsam:ldap://localhost
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
ea support = Yes
map acl inherit = Yes
cups options = raw

[homes]
comment = Home Directories
valid users = MYDOMAIN\%S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
guest ok = Yes
share modes = No

[Profiles]
path = /var/lib/samba/profiles
guest ok = Yes
browseable = No

[public]
comment = Public Stuff
path = /home/share
write list = +staff
read only = No
guest ok = Yes

slapd.conf

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to dn.base="" by self write by * auth
access to attrs=userPassword by self write by * auth
access to attrs=shadowLastChange by self write by * read
access to * by * read by anonymous auth
idletimeout 30
database bdb
suffix dc=nt,dc=com
rootdn cn=Manager,dc=nt,dc=com
rootpw secret
replica host=nt.com:389 suffix="dc=nt,dc=com" binddn="cn=updateuser,dc=nt,dc=com" bindmethod=simple credentials=secret
access to attrs=sambaLMPassword,sambaNTPassword by dn="cn=sambaadmin,dc=nt,dc=com" write by * none
replogfile /var/lib/ldap/replogfile
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
indes sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
indes person eq
index default sub
index sambaSIDList eq,pres

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
On Wed, Jul 16, 2008 at 1:50 PM, Soohoon Lee <soohoon@gmail.com> wrote:
> I've setup samba to use LDAP passdb backend and it works fine.
> LDAP has sambaNTPassword and more samba entities.
> But I wonder if I can make samba work with userPassword only.

You'd need to use the Windows password hash algorithm to fill your userPassword attribute, among other things. It might be easier to just replace parts of the authentication subsystem in your Windows clients (see http://rulink.rutgers.edu/pgina.html for example).

--Charlie