[Samba] sharing samba smbpasswd

Scott Grizzard scott at scottgrizzard.com
Mon Dec 29 15:10:35 GMT 2008 

There are four ways, off the top of my head, to get this done:

1) LDAP where one server runs ldap and all servers authenticate  
against it.  Advantages: easy to replicate and easily extendable for  
other uses.  Disadvantages: difficult to set up if you don't know what  
you are doing.

2) rsync the smbpasswd file.  Advantages: simple and easy.   
Disadvantages: no one does this, so you will wind up with a very weird  
setup which will be difficult to debug and which no one can help you  
with.

3) Kerberos.  Advantages: Very cool; single sign-on.  Disadvantages:  
pain in the ankle to set up.

4) Set up one samba server as a Domain Controller with a tdbsam  
backend, and join the other samba servers to that domain.  It is  
relatively easy to do, gives you single sign-on and one password file,  
and the computers don't need any special configuration to use the  
shares.  Disadvantages: the PDC becomes a single point of failure for  
all four file servers.

I recommend using the last option and setting up the Domain  
Controller.  Follow along with chapter 4 from Samba by Example (http://us1.samba.org/samba/docs/man/Samba-Guide/Big500users.html 
).  Do backups of your password files, and live with the single point  
of failure.

If the single point of failure is impossible to live with, you are  
back into replicating ldap.

- Scott Grizzard

On Dec 29, 2008, at 9:54 AM, Adam Williams wrote:

> openldap.  read chapter 5 of samba 3 by example.pdf.
>
> Dean Clapper wrote:
>> Is there a way to share smbpasswd (samba user name and password  
>> file) between multiple servers.  The servers are not on a domain  
>> controller, NIS nor ldap.
>> We have 2 - 3 redhat samba servers just for network share drives.   
>> Instead of managing passwords and user names on multiple systems,  
>> I'm trying to leverage one machine and use its logins and passwords  
>> for all samba machines.
>>
>> Is there a good way to implement this strategy configuring the  
>> smb.conf file or is this going to require a different mechanism?
>>
>> Thanks
>> Dean
>>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list