[Samba] multiple passdb backends: ldaps for users, everything else locally?

Paul Gienger pgienger at ae-solutions.com
Mon Jun 21 15:03:58 GMT 2004



Marc Petitmermet wrote:

>> In your situation, you can't modify the users' entries in LDAP to add 
>> the samba information either I would guess.
>
>
> correct.
>
>> For this type of a situation, use either the password file (is the 
>> option smbpasswd?) or tdbsam. You don't need to specify that ldap is 
>> involved at all.
>
>
> no. i want the users to authenticate against the central ldap and not a 
> local database/file. i don't want to maintain the username and 
> passwords myself; this information is already available in the ldap 
> and many other systems/programs rely on this information in the ldap 
> (almost single-sign-on). why do this twice?

If you can't add the proper object classes (sambaSamAccount) to the LDAP 
datastore then you're going to have to duplicate the information 
someplace.  Samba doesn't authenticate against the UNIX passwd mechanism: 
since Windows sends non-reversible password hashes, there is no way to 
figure out that when it sends 1C67D5538C78A1C1687C7CE8C065684B it is 
really the same as the vQIuje1XDmK/ that is in the UNIX passwd database.

I guess you could turn off encrypted passwords if you really wanted to, 
but that's not really a good fix.

>
> regards,
> marc
>

-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
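
The mismatch described in the reply above, as an added example that is not part of the original post: a server that only holds a UNIX-style salted hash cannot check a response keyed on the NT hash, while one holding the NT hash can. Assumptions: an NTLMv2-style proof stands for the "encrypted password" exchange, PBKDF2 stands in for crypt(3), and the account, salt, challenge and blob are constructed.

```python
import hashlib, hmac, struct

def _rol(x, s):
    x &= 0xFFFFFFFF
    return ((x << s) | (x >> (32 - s))) & 0xFFFFFFFF

def md4(data: bytes) -> bytes:
    """MD4 (RFC 1320) in pure Python, since hashlib may not expose it."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):  # round 1
            f = (b & c) | (~b & d)
            a, b, c, d = d, _rol(a + f + x[i], (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            g = (b & c) | (b & d) | (c & d)
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, _rol(a + g + x[k] + 0x5A827999, (3, 5, 9, 13)[i % 4]), b, c
        for i, k in enumerate((0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)):  # round 3
            a, b, c, d = d, _rol(a + (b ^ c ^ d) + x[k] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4]), b, c
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    # Unsalted MD4 of the UTF-16LE password: the NT hash a Samba account entry carries.
    return md4(password.encode("utf-16-le"))

def unix_hash(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for crypt(3); any salted one-way hash behaves alike here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def ntlmv2_proof(key, user, domain, challenge, blob):
    # The client keys this on the NT hash; the server must hold the same key to verify.
    k = hmac.new(key, (user.upper() + domain).encode("utf-16-le"), "md5").digest()
    return hmac.new(k, challenge + blob, "md5").digest()

def demo():
    # Constructed account, challenge and blob; not values from the thread.
    user, domain, pw, salt = "alice", "EXAMPLE", "password", b"constructed-salt"
    challenge, blob = bytes(range(8)), b"constructed-client-blob"
    sent = ntlmv2_proof(nt_hash(pw), user, domain, challenge, blob)  # client's response
    # A server holding only the UNIX hash cannot recompute the response ...
    unix_only = hmac.compare_digest(ntlmv2_proof(unix_hash(pw, salt), user, domain, challenge, blob), sent)
    # ... a server holding the NT hash can ...
    with_nt = hmac.compare_digest(ntlmv2_proof(nt_hash(pw), user, domain, challenge, blob), sent)
    # ... and the UNIX hash is usable only when the cleartext password itself is sent.
    cleartext = hmac.compare_digest(unix_hash("password", salt), unix_hash(pw, salt))
    return unix_only, with_nt, cleartext
```

The third check corresponds to turning off encrypted passwords: it works only because the password crosses the network in cleartext.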



