[Samba] LDAP with posix account (userPassword only)

Soohoon Lee soohoon at gmail.com
Wed Jul 16 17:50:02 GMT 2008

I've setup samba to use LDAP passdb backend and it works fine.
LDAP has sambaNTPassword and more samba entities.
But I wonder if I can make samba work with userPassword only.

I think somebody is doing it and I look at their config but couldn't find
anything special.

        workgroup = NT
        netbios name = SAMBASERVER
        server string = NT Master
        passdb backend = tdbsam
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 139 445
        name resolve order = wins lmhosts bcast hosts
        add user script = smbldap-useradd -m '%u'
        delete user script = smbldap-userdel '%u'
        add group script = smbldap-groupadd '%g'
        delete group script = smbldap-groupdel '%g'
        add user to group script = smbldap-groupmod -m '%u' '%g'
        delete user from group script = smbldap-groupmod -x '%u' '%g'
        set primary group script = smbldap-usermod -g '%g' '%u'
        add machine script = smbldap-useradd -w '%u'
        logon script = login.bat
        logon path =
        logon drive = X:
        logon home =
        os level = 65
        wins support = Yes
        ldap admin dn = cn=Manager,dc=my-domain,dc=com
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Machines
        ldap passwd sync = Yes
        ldap suffix = dc=my-domain,dc=com
        ldap ssl = no
        ldap timeout = 20
        ldap user suffix = ou=People
        idmap backend = ldapsam:ldap://localhost
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        ea support = Yes
        map acl inherit = Yes
        cups options = raw

        comment = Home Directories
        valid users = MYDOMAIN\%S
        read only = No
        browseable = No

        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root
        guest ok = Yes
        share modes = No

        path = /var/lib/samba/profiles
        guest ok = Yes
        browseable = No

        comment = Public Stuff
        path = /home/share
        write list = +staff
        read only = No
        guest ok = Yes


include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba3.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

access to dn.base=""
                by self write
                by * auth

access to attrs=userPassword
                by self write
                by * auth

access to attrs=shadowLastChange
                by self write
                by * read

access to *
                by * read
                by anonymous auth

idletimeout 30
database        bdb
suffix dc=nt,dc=com
rootdn cn=Manager,dc=nt,dc=com
rootpw secret

replica     host=nt.com:389
            bindmethod=simple credentials=secret

access to attrs=sambaLMPassword,sambaNTPassword
           by dn="cn=sambaadmin,dc=nt,dc=com" write
           by * none

replogfile  /var/lib/ldap/replogfile
directory       /var/lib/ldap

index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
indes sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
indes person                eq
index default               sub
index sambaSIDList          eq,pres

More information about the samba mailing list