[Samba] Samba4 as a "plain LDAP" server?

SMC smc+samba at dogphilosophy.net
Tue Mar 16 10:42:15 MDT 2010


On Monday 15 March 2010 22:42:41 Mike wrote:
> I may well be insane, but as soon as I read your question, I thought
> "how novel" and now want to find out the answer, myself.

Well, not necessarily novel if I reword my question as "Would I still have to 
maintain two separate authentication databases if I want to use Samba4 with
some non-Microsoft clients that don't have Samba installed?"

For example, can Samba4 work with mail or web servers that can authenticate 
via "LDAP", or simple Linux workstations that I don't necessarily want to 
implement and maintain full-scale "ActiveDirectory(tm)"-mode authentication 
for?

The need to maintain two separate authentication databases has been my biggest
annoyance with Samba (I realize this isn't the fault of Samba but rather a 
consequence of Microsoft's "special" password-hashing method).  That means
if you don't use Samba every time you change your password, you end up with 
your normal password and your Windows/Samba password out of sync.

If Samba4's internal LDAP server also handles basic POSIX account attributes, 
then using Samba4 as the "LDAP authentication server" for everything finally 
solves that problem (doesn't it?).  Otherwise, the only option would be using 
the OpenLDAP backend and we're back to maintaining two separate sets of 
authentication data and requiring Samba on the clients for any password 
changes.

I haven't found any documentation so far that indicates either way whether 
this works.  For obvious reasons, the existing Samba4 documentation seems to 
be almost exclusively about controlling Microsoft Windows clients.

If it's a case of "it SHOULD work but nobody's tested it yet", I'd be quite 
willing to help with the testing...

