[Samba] stand-alone server with ldap-auth without AD
Rowland Penny
rpenny at samba.org
Wed Mar 23 17:02:36 UTC 2022
On Wed, 2022-03-23 at 12:53 -0400, Gaiseric Vandal via samba wrote:
> You need to have an account on the LDAP server that samba can use to
> read user information including the Windows password field. Then
> you need to configure smb.conf with the server name, the search path,
> the ldap name and password.
>
> I think what is going to be a problem is that the "NT4" Windows password
> requires a separate password field than the regular LDAP password, and
> keeping the 2 in sync will be a challenge. The client machines will
> be sending a hash of the user password to the server (rather than
> "plaintext" password over TLS.) In fact the schema on the LDAP
> server may need to be extended.
If a new NT4-style machine is being set up, you should be aware that
they rely on SMBv1 and this is going away. You could end up within a
year or two having to upgrade again or use an older version of Samba.
Rowland
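
The smb.conf settings the quoted message lists (server name, search path, LDAP bind name and password), as an added example that is not from either poster or from the Samba project. The host name, DNs and OU names are constructed placeholders.

```ini
# Added example, not from the thread. Host name, DNs and OU names below
# are constructed placeholders.
[global]
    server role = standalone server
    security = user

    # Server name: the account database lives in LDAP. Entries need the
    # Samba schema (sambaSamAccount), which carries the NT hash in the
    # sambaNTPassword attribute, separate from userPassword.
    passdb backend = ldapsam:ldap://ldap.example.com

    # Protect the bind password and the hashes Samba reads from LDAP.
    # With "ldap ssl = off" both would cross the network in the clear.
    ldap ssl = start tls

    # Search path.
    ldap suffix = dc=example,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups

    # LDAP name Samba binds as. The password is not written here; it is
    # stored in secrets.tdb by running:  smbpasswd -W
    ldap admin dn = cn=samba,dc=example,dc=com

    # When a password is changed through Samba, update the regular LDAP
    # password along with the NT hash. Changes made directly in LDAP are
    # not covered by this setting.
    ldap passwd sync = yes
```

The NT hash is password-equivalent for SMB authentication, so the LDAP server's access rules should let only this bind DN read sambaNTPassword.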