[Samba] Re: Samba 3.0 and Active Directory Replication

paul paul at subsignal.org
Mon Jul 21 23:49:18 GMT 2003

Jamrock wrote:
> Hi Paul,
>>you may have read the docu but... anyway replacing /etc/passwd is
>>achieved by a different NSS source (could be ldap, nis, whatever). If
>>you gonna use LDAP as SAM backend you don't need /etc/samba/smbpasswd
>>anymore. (you need nss_ldap and possibly pam_ldap from padl.com)
> Fine.  I am currently going through the 385 page Samba manual.   Where can I
> find more info. about the other NSS sources? 
(applies to linux) look at /etc/nsswitch.conf and the corresponding 
manpage, search google for nss. There are various modules out there 
(found one for mysql and radius).
  What are the
> advantages/disadvantages of using another one?
Depends on your situation, if you have already users in mysql... but if 
you're starting from scratch, I'd recomend LDAP, as it provides nice 
features (replication, ACL's, authentication via SASL, TLS support,...)
I don't like NIS, it's very insecure, NIS+ might be better but I haven't 
looked at.

> With Samba 2.x we need to create the user in two places.  I was just
> checking to see if we could now create the user in just one.0
Yes. You can hold all info in your directory, replicate it for security 
and redundancy and let all your sambas authenticate against it (better 
use TLS for that ;)). With the hooks given by samba ( add user script, 
add machine script..) it is easier to automate most of the daily tasks.

hope this helps

> Regards.

More information about the samba mailing list