Samba4 and Linux/ldap_default_bind_dn




Samba4 4.0.0beta4, CentOS 6.3

I have a 3*DC Samba4 domain in which everything tested so far appears to be working OK: ldap, kerberos, dns, windows client joins, replication, etc.

My question concerns binding Linux clients (CentOS 6) to the Samba4 LDAP server using sssd. In /etc/sssd/sssd.conf I have several test boxes
that use:

	[domain/SAMBA4]
		.....
		ldap_default_bind_dn = CN=Administrator,CN=users,...
		ldap_default_authtok = secret
		ldap_default_authtok_type = password
		...

and this works perfectly well. However, I would like to avoid embedding the domain administrator password in my clients for obvious reasons.

If I was using OpenLDAP (as I am on the non-Samba4 systems), I would
create a suitable bind DN in the database:

	dn: cn=<hostname>,ou=Binddn,dc=...
	cn: <hostname>
	objectClass: top
	objectClass: organizationalRole
	objectClass: simpleSecurityObject
	userPassword:: <base64-password>

and use this binddn on the clients; this works thanks to the ACLs that I have in the slapd configuration. However, this technique does not work with the Samba4 LDAP server, presumably because the dn does not have suitable access rights to the database (no user accounts are visible).

What is the recommended way to set up the ldap_default_bind_dn?

Steve
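Added example (not from the original post or the Samba project): an sssd.conf for the setup described above, with the bind the poster wants to get rid of shown beside two binds that keep the domain administrator password off the client. Samba AD only serves directory reads to an authenticated domain identity, so the bind has to be a real AD user or computer object rather than an OpenLDAP-style simpleSecurityObject. The domain SAMBA4.EXAMPLE, the DC dc1.samba4.example, the host client1, the account sssd-bind and the keytab path are all placeholders.

```ini
# /etc/sssd/sssd.conf (added example; names and paths are placeholders)
[sssd]
services = nss, pam
config_file_version = 2
domains = SAMBA4

[domain/SAMBA4]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://dc1.samba4.example
ldap_search_base = DC=samba4,DC=example
# Attribute mapping for an AD-style directory; adjust to what the DC serves.
ldap_schema = rfc2307bis
krb5_realm = SAMBA4.EXAMPLE
krb5_server = dc1.samba4.example

# --- What the post describes: a cleartext domain-admin secret on every client.
# Anyone who can read this file, or a backup of it, holds the whole domain.
#ldap_default_bind_dn = CN=Administrator,CN=Users,DC=samba4,DC=example
#ldap_default_authtok_type = password
#ldap_default_authtok = secret

# --- Option 1: bind with the client's own Kerberos key instead of a password.
# The host principal is exported once on a DC (samba-tool domain exportkeytab)
# and the keytab is kept root-only (mode 0600), so no reusable password is stored.
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/client1.samba4.example@SAMBA4.EXAMPLE
ldap_krb5_keytab = /etc/krb5.keytab
ldap_krb5_realm = SAMBA4.EXAMPLE

# --- Option 2 (if a simple bind must stay): a dedicated, unprivileged AD user
# created only for lookups, e.g. `samba-tool user create sssd-bind --random-password`.
# A leak of this file then exposes a read-only directory account, not Administrator.
#ldap_default_bind_dn = CN=sssd-bind,CN=Users,DC=samba4,DC=example
#ldap_default_authtok_type = password
#ldap_default_authtok = <random password set when the account was created>
```

Whichever option is used, keep sssd.conf itself mode 0600 and owned by root, since sssd refuses to start otherwise and the file still names the bind identity.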

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

