[Samba] Samba with legacy LDAP

Jorgen Lundman lundman at gmo.jp
Thu Apr 23 00:16:41 GMT 2009

Thanks for your reply,

> Connecting to SMB/CIFS over the internet tends to be extremely slow. I'm 
> not sure why that should be the case, but having played with direct 
> access over the internet vs over a VPN, the internet one is 
> substantially slower (to the point of being practically unusable). That 
> might be less of an issue if you are their ISP.

That we are. Bandwidth in Japan is pretty good. But even then, I get the 
feeling some users would be happy with slow but "easier" means of 
accessing their content. But I guess that depends on just how bad it is, 
but naturally I am setting up a proof-of-concept on the test system first.

> Mapping a drive could also cause problems. In the past I have had issues 
> with very long delays opening My Computer when network drives are slow 
> to respond. I've just tried to replicate this issue and it doesn't 
> appear to be a problem in Vista but I have certainly seen it with some 
> versions of XP.

This is true, I experienced this in my past. But perhaps not a permanent 
mapping, if there was a icon the could double click or similar, to 
temporarily set up the drive. I will keep that in mind.

> I hesitate to say that storing passwords in plain-text is "good", but in 
> this case it will greatly simplify things. You will need to add the 
> samba schema.

I know, I know.. in the past, there was no choice with some software. 
CHAP/SAUTH etc, needed it. Recently, most software can do auth-bind on a 
  leaf for testing which is much better.

There is no way around adding Samba schema? Not that is a big deal, but 
curious. Can I perhaps ask samba to merely query a script for 
authentication and retrieval of uid/gid/homeDirectory? If so, I could 
(temporarily) work around the schema.

> Samba is able to talk to LDAP directly and fully understands the fields 
> in the POSIX schema, there are plenty of OSs supported by Samba that 
> don't use PAM (Slackware, AIX, probably the various BSDs).

Ok so it will get the attributes without PAM, but the schema and 
attribute-names are hard-coded.

> Not without having to make changes to how the client PCs will 
> authenticate, so pretty much "no". However since you have the passwords 
> in plaintext it isn't too much of a hassle to generate the hashes.

Perhaps I should ignore LDAP and simply add a smbpasswd user and test it 


Jorgen Lundman       | <lundman at lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)

More information about the samba mailing list