[Samba] Samba with legacy LDAP

Jorgen Lundman lundman at gmo.jp
Wed Apr 22 06:42:53 GMT 2009


Hello lists,

Standard ISP hosting with virtual users here. So we already have an 
existing system setup, based around OpenLDAP data for customer 
information. Currently for WWW hosting, users have FTP access. But FTP 
seems to be a hurdle for certain users, so I was thinking about also 
offering SMB access in parallel with FTP, so they could just MAP a drive 
letter to their WWW area.

Currently the LDAP has user data in "qmail" and POSIX style schema, 
which seems to be fairly common. (uidNumber, gidNumber, gecos, 
homeDirectory etc). Currently passwords are stored in plain-text.


1) Can I make Samba look up uid, gid, homeDirectory from LDAP directly? The 
new privacy laws do not allow us to use PAM for the customers as a 
whole. I expected to be able to specify an LDAP search filter, and a map 
between our LDAP attributes and those Samba expects (which appear to 
mostly overlap though). But this appears to have been removed?


2) Can I use the plain-text passwords directly, and avoid having to 
store nt and lm passwords?


Since with FTP you log in as "ftpuser at example.com" with the appropriate 
password, I was hoping that users could connect to our Samba server, 
authenticating as "ftpuser at example.com" and the same password. It would then 
set the share path to the user's homeDirectory 
(/export/cust14/com/e/x/example/ftpuser/) and use their uid, gid.

Are there other reasons why this could not be done? Has anyone already done 
something similar? Any pitfalls?

Lund

-- 
Jorgen Lundman       | <lundman at lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)

