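I installed samba-4.1.12-24.el7_1.x86_64, openldap-2.4.39-7.el7.centos.x86_64, and Self Service Password so that LDAP users can change their passwords.
I noticed that Self Service Password changes the value of the LDAP attribute userPassword.
After configuring Samba, I can now successfully log in to \\fileserver\share from my Windows PC with an account that exists in LDAP.
But it looks like Samba uses sambaNTPassword as the user's password, so my questions are:
1. Is it possible to configure Samba to use the LDAP attribute userPassword?
2. If the answer to question 1 is no, is there any way to have sambaNTPassword change as well when a user changes the LDAP attribute userPassword through Self Service Password?
One of the user entries in LDAP is: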
dn: uid=test,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
ou: people
cn: test
sn: test
uid: test
userPassword: {SHA}fEqNCco3Yq9h5ZUglD3CZJT4lBs=
mail: [email protected]
sambaSID: S-1-5-21-2877438406-135960529-4133751732-1102
sambaNTPassword: 9b33b03590e779419a0a162519590025
sambaPwdLastSet: 1447826752
uidNumber: 1102
homeDirectory: /home/test
sambaPrimaryGroupSID: S-1-5-21-2877438406-135960529-4133751732-5000
gidNumber: 5000
Samba configuration:
testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = DY-FILESERVER
netbios name = SMBSERVER
server string = Samba Server Version %v
passdb backend = ldapsam:ldap://localhost
log file = /var/log/samba/log.%m
max log size = 50
ldap admin dn = cn=root,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap user suffix = ou=people
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[shared]
comment = shared dir for ldap users
path = /opt/ftpdata
writable = yes
read only = No
Answer 1
Sorry, I did not read the complete Self Service Password documentation; it can also be configured to change this:
$samba_mode = true;
With this setting, Self Service Password changes both attributes, userPassword and sambaNTPassword.