[Samba] question concerning ldapsam:editposix and winbind

Adam Williams awilliam at mdah.state.ms.us
Wed Jan 16 18:26:00 GMT 2008

yes, linux distros require nss_ldap and pam_ldap to authenticate linux 
shell accounts against ldap.  if you are using fedora/centos you can use 
authconfig and select ldap and put in the required info.  and you'll 
need to add ldap to the passwd: shadow: and group: entries in 

authconfig will configure /etc/ldap.conf and add the required ldap 
attributes to /etc/pam.d/system-auth

not sure about freebsd but it shouldn't be too different. (famous last 

to convert your existing /etc/passwd users to ldap, you can use the PADL 
migration tools.

Andrew Richey wrote:
> Well, it looks like I would have to use pam_ldap and nss_ldap to make 
> this work.  Or so I think...  Wondering if all the Linux distros 
> require these too, to authenticate off of ldap.
> Andrew Richey wrote:
>> Hey guys,
>> I've gotten my samba + openldap running quite well, minus one problem 
>> (that I know about).  I've read over plenty of documentation, the 
>> official and other wikis and such.  I believe I have winbind working 
>> correctly, so I assume I won't have to use external scripts to add 
>> groups/users/etc..
>> But isn't there something one must do in order for their OS (in my 
>> case FreeBSD 6.2) to use my ldap server instead of /etc/passwd and 
>> /etc/group files?   I'm unable to change the Administrator users 
>> password because I have no Unix account for it, and I assume it's 
>> looking for that in /etc/passwd.  On the same token, I can add 
>> another user who already exists in my /etc/password  (the local user 
>> I added during the installation of FreeBSD).  And it shows up 
>> successfully in my ldap server.
>> At first I was thinking that the ...
>> ldapsam:trusted= yes
>> ldapsam:editposix= yes
>> ..handled this issue, via winbind.  But that might be a 
>> misunderstanding on my part. Anyone have any ideas?
