[Samba] LDAP + samba + unix authentication

Adalid Bruno adalidb at sco.com
Wed Jan 14 21:16:37 GMT 2004

After a lot of trial and error I managed to get ldap + samba 3 running. 
Samba now authenticates through ldap. But somehow the difference between 
a unix and a samba login still exists.

I use smbldap-useradd.pl to create an ldap entry. There are two options:
With the "-a" option the entry contains the objectClass  
"sambaSamAccount", and a lot of Windows related attributes.
Without the mentioned option, the program creates an entry with 
objectClass "posixAccount" and the normal nss attributes.

Through smb.conf I have defined smbpasswd to use smbldap-useradd.pl to 
update the passwd in the ldap directory.

So, now I still have to have two entries per user in the ldap directory 
because with the sambaSamAccount userPasswd is {SHA}encrypted  and with 
the posixAccount the userPasswd is {CRYPT} encrypted. Though two entries 
in LDAP is much more maintainable than anything I have seen before, I 
still have the idea that things can be solved  more gracefull, with one 
entry and an automised password sync between unix and samba.

Any suggestions?


Have you tried SCO Vintella for the password authentication?


You can doanload the software for free as a 60-eval copy at


Please let me know if it works, and what do we need to do to make it to 


More information about the samba mailing list