[Samba] local or LDAP passdb for AD member servers?

ww m-pubsyssamba pubsyssamba at bbc.co.uk
Tue Mar 16 17:01:26 GMT 2004


Can anyone provide any advice, pros/cons etc. for how to deal with passdb data (meaning smbpasswd account data and groupmap data)
when running multiple Samba 3.0.x member servers in a single AD domain. I'm not using winbind so I think this might be an unusual question.

From what I've read, most references to using an LDAP backend are for Samba PDC servers (might have misunderstood though). Does it make
sense to have Samba 3.0 AD member servers using the same ldapsam read/write passdb backend? Is this supported?

The other option is for all Samba member servers to have their own local passdb backend, but this means having to run "smbpasswd -a"
and "net groupmap" commands separately on every individual server, which will result in differing SIDs for groupmap, I think. Is this a problem?
Also this will mean the accounts will have un-synchronised passwords, but I don't mind about that because I am happy to rely solely on
Kerberos authentication, which ignores the password in passdb.

Any thoughts on this subject much appreciated,

	thanks Andy.

