[Samba] Can't use Encrypted Passwords with ldapsam backend

James R. Phillips James_R_Phillips at yahoo.com
Tue Apr 22 23:48:49 GMT 2008

Hello samba mailing list,

I'm using samba 3.0.24 on a home server running Debian etch.  The server
handles authentication and provides samba file shares for a small home
network of Linux machines.  I recently changed basic login
authentication from NIS to kerberos/ldap for the clients. I then decided
to switch samba over on the server to use the new ldap authentication

The [global] section of smb.conf looks like this:
        workgroup = PHILLIPS.ORG
        dns proxy = No
        username map = /etc/samba/user.map
# The whole objective of using ldap was to set this true;
# but it seems to cause samba to choke.  Is ldap ssl
# required if this is set true?  Doesn't seem likely.
# http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf
# shows an example with encrypted passwords and without tls
        encrypt passwords = false
        server string = %h server (Samba %v)
        wins support = Yes
        master = Yes
        browseable = Yes
        passdb backend = ldapsam
        obey pam restrictions = yes
        ldap suffix = dc=localnet
        ldap admin dn = cn=admin,dc=localnet

Note that passwords are not encrypted.
This is  because samba authentication always fails for all clients when
I set "encrypt passwords" to "true". It works fine without encryption.
As the comments in the file indicate, I wondered whether ldap ssl is
required to support encrypted passwords, but that doesn't seem to be the
case.  So I don't know why I can't successfully enable encrypted passwords.

Can anyone shed some light on this?


James R. Phillips

More information about the samba mailing list