samba 4 Implementation

Andrew Bartlett abartlet at samba.org
Tue Mar 21 06:03:33 GMT 2006


On Mon, 2006-03-20 at 21:05 -0500, Sunando Sen wrote: 
> Hi:
> 
> Just tried out the Samba 4 technical preview and have a few
> questions: Will samba eventually have a built-in, full fledged LDAP
> server? 

Yes.  While we certainly won't compare ourselves with the
standards-based products from other vendors (our aim is to please AD
clients first, and hopefully do so while complying with the standards),
it will include an LDAPv3 server.  We will not depend on other servers
but perhaps can use them if available.

> I noticed that as of now Samba cannot add a new user unless
> it exists in /etc/passwd. Could it not just create the user and keep
> all necessary info in its built-in database. What will it take for
> samba to store the usual information (homeDirectory, loginShell,
> userPassword, etc.)? 

Very little.  We just need to update the templates.

> Will it also be possible in future to extend the
> server by loading user defined schema? Alternatively, is it planned
> for samba to store everything in a third party directory server?

We will not depend on other servers but the aim is to be able to use
them if available.

> I noticed that after I started up samba4, I could kinit, and even
> openldap tools worked with SASL-GSSAPI. 

There are a couple of gotchas on the SASL GSSAPI, but that's why it's there...

(I need to respect the negotiated buffer size, and to do that I need a
hand from some of the others working on Samba4 who grok the socket layer
better than I do)

> So it looks like eventually,
> I may get an ldap server and kdc for free! That's not bad,
> considering how much blood I had to sweat to get openldap and heimdal
> working together.

There is a reason I've been working on this :-)

> So, how long before SSO nirvana?

Much of it already exists.  There are plenty of details needing a bit of
work, but the fundamentals are there, and can be used by the
foolhardy...

I say foolhardy, because we don't have ACL protection on everything yet.
This should be fixed in the next TP or two, then I'll label it for the
brave...

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net