[Samba] Newbie: SAMBA, LDAP, Kerberos as password Database

pieter.thysebaert at ugent.be
Mon Sep 27 13:24:58 GMT 2004

Hello people,

We are thinking of an infrastructure overhaul, and I have the following 

Currently, we use Samba to serve files to Windows 2000 and XP clients.
I am by no means a Windows/Samba expert, but from a user perspective it means 
that one can
a. Map a network drive under Windows, specifying the correct username/password 

b. use smbmount under Linux to do the same thing.

As it is now, we have a Samba password database which is separated from our 
unix password database (NIS).

This is where we might want to go:

1. We want to deploy MIT Kerberos 5, and we want the Kerberos password 
database to be the ONLY password database.

2. User accounts: posixAccount+sambaAccounts in OpenLDAP.

3. Configure OpenLDAP to recognize {SASL} passwords and authenticate through 

4. Block write access to all password fields in the OpenLDAP tree. (only 
Kerberos password should be writable using the kpasswd tool)

My main question is: using Samba 3.x and ldap_sam, can one use password-based 
authentication against the Kerberos password database by simply entering a 
{SASL} type value in the sambaLMPassword and NTPassword fields in LDAP?
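
An added example, not part of the original post: a small audit over an LDIF export that checks the stated goal (Kerberos as the only password database) by flagging entries whose userPassword is not a {SASL} pass-through value or that have a Samba hash attribute populated. The sample entries, DNs, realm, and the requirement of a `principal@REALM` form are constructed assumptions.

```python
import base64
import re

# Constructed sample LDIF export (not from the original post).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
userPassword: {SASL}alice@EXAMPLE.ORG

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
userPassword: {SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLXZhbHVl
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: posixAccount
userPassword:: e1NBU0x9Y2Fyb2w=
"""

# Assumption: site policy wants a fully qualified principal after {SASL}.
SASL_VALUE = re.compile(r"^\{SASL\}[^@\s]+@\S+$")
SAMBA_HASH_ATTRS = ("sambalmpassword", "sambantpassword")

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lowercased names to value lists.
    Handles base64 ('::') values; folded (continuation) lines are not handled."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text):
    """Return (dn, reason) for every credential stored outside Kerberos."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for value in attrs.get("userpassword", []):
            if not SASL_VALUE.match(value):
                findings.append((dn, "userPassword is not {SASL}principal@REALM"))
        for name in SAMBA_HASH_ATTRS:
            if attrs.get(name):
                findings.append((dn, name + " holds a locally stored value"))
    return findings
```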
