[Samba] multiple passdb backends: ldaps for users, everything else locally?

Paul Gienger pgienger at ae-solutions.com
Mon Jun 21 13:36:57 GMT 2004

Marc Petitmermet wrote:

> dear list members
> is it possible to only have the users authenticate against an external 
> ldap server and everything else managed locally on the samba server? 
> the problem is that i only can authenticate against the central ldap 
> but not write to it. this means that samba "root" as well as all 
> machine accounts have to be managed locally and the users' homes 
> information is retrieved by nis.

In your situation, you can't modify the users' entries in LDAP to add 
the samba information either I would guess.  For this type of a 
situation, use either the password file (is the option smbpasswd?) or 
tdbsam.  You don't need to specify that ldap is involved at all.  This 
is the same way that a single workstation has user entries in the passwd 
file and then samba maintains its own user information file.

> in the manual page of smb.conf i read the following:
> "Multiple backends can be specified, separated by spaces. The backends 
> will be searched in the order they are specified. New users are always 
> added to the first backend specified."
> now, when i define the passdb backends as following in this order does 
> my intention work?
>   passdb backend = tdbsam ldapsam:ldaps://ldaps01.domain.com
> "root" is defined locally in tdbsam, all users in ldap. machines are 
> also added locally.
> regards,
> marc

Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com

More information about the samba mailing list