[Samba] LDAP + samba + unix authentication

Beast indorama at rad.net.id
Thu Jan 15 04:45:05 GMT 2004

On Wed, 14 Jan 2004 13:16:37 -0800
Adalid Bruno <adalidb at sco.com> wrote:

> Hi,
> After a lot of trial and error I managed to get ldap + samba 3 running. 
> Samba now authenticates through ldap. But somehow the difference between 
> a unix and a samba login still exists.
> I use smbldap-useradd.pl to create an ldap entry. There are two options:
> With the "-a" option the entry contains the objectClass  
> "sambaSamAccount", and a lot of Windows related attributes.
> Without the mentioned option, the program creates an entry with 
> objectClass "posixAccount" and the normal nss attributes.
> Through smb.conf I have defined smbpasswd to use smbldap-useradd.pl to 
> update the passwd in the ldap directory.
> So, now I still have to have two entries per user in the ldap directory 
What do you mean with 2 entries? 2 separate dn?
Why not putting on same entry?

> because with the sambaSamAccount userPasswd is {SHA}encrypted  and with 
> the posixAccount the userPasswd is {CRYPT} encrypted. Though two entries 

Afaik, no userPasswd in samba schema, from where you got it?

> in LDAP is much more maintainable than anything I have seen before, I 
> still have the idea that things can be solved  more gracefull, with one 
> entry and an automised password sync between unix and samba.
> Any suggestions?

Since you're using custom scenario, you have to made customs "passwd program" to update both entries.
Don't forget to set "unix password sync" to yes.

> ****
> Robert,
> Have you tried SCO Vintella for the password authentication?

No, thank you :-)


More information about the samba mailing list