[Samba] Storing passwords in LDAP, but not a PDC
craigwhite at azapple.com
Mon Mar 20 15:52:24 GMT 2006
On Mon, 2006-03-20 at 09:22 +0000, Robert Mortimer wrote:
> > Hello,
> > Is it possible to store samba passwords in ldap without configuring
> > samba as a PDC? All the documents/references I've come across are
> > related to using LDAP as a samba PDC backend, not as just a db file
> > replacement.
> > Thanks,
> LDAP is a heavyweight store for massive amounts of passwords and extended
> data needed to for 100s or 1000s of PCs. In a workgroup there is no central
> password store. In a workgroup each windows (LINUX/Samba) machine has local
> users and would never consult a central authentication database so the LDAP
> would only hold accounts for the local Linux machine's users.
> This is a Sledgehammer + nut situation
> I suggest you look at the normal samba database
I'm not entirely certain that I agree with the characterizations that
you have used.
LDAP is a lightweight database system that is optimized for frequent
reads and infrequent writes. There are implementations of LDAP that can
be utilized for account management in UNIX/Linux (aka posix) and in
Windows (Samba - Microsoft Active Directory) and these implementations
often permit essentially complete integration into the underlying
user/group account management.
There are implementations that permit this structure to be shared among
other servers so that you can attain consistent user/group account
management across some/all host systems in a networked environment which
makes it attractive for thoughtful application.
It's not a sledgehammer + nut situation...it might be more trouble than
it's worth for some administrators to learn but I use it even on
networks with a small amount of users and computers because I have
gotten over the hurdle of learning the implementation and have enough
tools to manage things like user accounts and actually find it valuable,
even in small scale deployments.
More information about the samba