[Samba] LDAP help!

Adam Tauno Williams awilliam at whitemice.org
Wed Feb 2 12:15:44 GMT 2005

> > Right now I have Samba+LDAP working (like a charm acctually)  I just
> > have one issue.  Right now Samba is authenticating the user against
> > the sambaLMPassword and/or the sambaNTPassword attributes.


> > I would rather it authenticated against the userPassword attribute
> > like my unix boxes and mail servers do.  Is samba capable of doing
> > this?  Otherwise I have to maintain two seperate passwords for each
> > user.
> yes, you have to support two separate passwords for samba and nss.

Yes.  But we are talking about Samba and PAM - not NSS.  NSS has nothing
to do with passwords.

> otherwise you have to keep passwords in clear and somehow emulate (is 
> OpenLDAP capable of this ?) sambaNTPassword via cleartext userPassword

Password syncronization is trivial.  See "ldap password sync" to do it
from the Samba side or the smbk5pwd overlay to extend the
password-modify exop on the LDAP side to always set all passwords.  Or
the third option is to use Kerberos for authentication of non-CIFS
connections as the Hiemdal KDC can use the same LDAP SAM as Samba.

More information about the samba mailing list