[Samba] Samba4 as a "plain LDAP" server?

David Adam zanchey at ucc.gu.uwa.edu.au
Tue Mar 16 23:40:27 MDT 2010

On Tue, 16 Mar 2010, SMC wrote:
> On Monday 15 March 2010 22:42:41 Mike wrote:
> > I may well be insane, but as soon as I read your question, I thought
> > "how novel" and now want to find out the answer, myself.
> Well, not necessarily novel if I reword my question as "Would I still have to 
> maintain two separate authentication databases if I want to use Samba4 with
> some non-Microsoft clients that don't have Samba installed?"
> For example, can Samba4 work with mail or web servers that can authenticate 
> via "LDAP", or simple Linux workstations that I don't necessarily want to 
> implement and maintain full-scale "ActiveDirectory(tm)"-mode authentication 
> for?
> The need to maintain two separate authentication databases has been my biggest
> annoyance with Samba (I realize this isn't the fault of Samba but rather a 
> consequence of Microsoft's "special" password-hashing method).  That means
> if you don't use Samba every time you change your password, you end up with 
> your normal password and your Windows/Samba password out of sync.

We use the smbk5pwd overlay for OpenLDAP to solve this problem - when you 
change your password using 'passwd' on a Linux machine or on a Windows 
machine, all password entries are updated.

One of my colleagues has written some basic documentation as part of his 
overarching guide to LDAP:


I would be happy to answer questions about our setup. We seem to have 
almost perfected the One True Password system across our range of Linux, 
FreeBSD, Mac OS X, Windows and miscellaneous boxes.

David Adam
University Computer Club

More information about the samba mailing list