[Samba] Samba4 as a "plain LDAP" server?
David Adam
zanchey at ucc.gu.uwa.edu.au
Tue Mar 16 23:40:27 MDT 2010
On Tue, 16 Mar 2010, SMC wrote:
> On Monday 15 March 2010 22:42:41 Mike wrote:
> > I may well be insane, but as soon as I read your question, I thought
> > "how novel" and now want to find out the answer, myself.
>
> Well, not necessarily novel if I reword my question as "Would I still have to
> maintain two separate authentication databases if I want to use Samba4 with
> some non-Microsoft clients that don't have Samba installed?"
>
> For example, can Samba4 work with mail or web servers that can authenticate
> via "LDAP", or simple Linux workstations that I don't necessarily want to
> implement and maintain full-scale "ActiveDirectory(tm)"-mode authentication
> for?
>
> The need to maintain two separate authentication databases has been my biggest
> annoyance with Samba (I realize this isn't the fault of Samba but rather a
> consequence of Microsoft's "special" password-hashing method). That means
> if you don't use Samba every time you change your password, you end up with
> your normal password and your Windows/Samba password out of sync.
We use the smbk5pwd overlay for OpenLDAP to solve this problem - when you
change your password using 'passwd' on a Linux machine or on a Windows
machine, all password entries are updated.
One of my colleagues has written some basic documentation as part of his
overarching guide to LDAP:
http://wiki.ucc.asn.au/LDAP/LazySysadmin#smbk5pwd
I would be happy to answer questions about our setup. We seem to have
almost perfected the One True Password system across our range of Linux,
FreeBSD, Mac OS X, Windows and miscellaneous boxes.
David Adam
University Computer Club
More information about the samba
mailing list