[Samba] Samba & (anonymous) LDAP Authentication

Robert Heller heller at deepsoft.com
Mon Mar 29 17:16:58 MDT 2010

At Mon, 29 Mar 2010 17:38:39 -0400 gaiseric.vandal at gmail.com wrote:

> According to how you have described your environment, whether or not you 
> use LDAP for Samba's backend, your users will still need corresponding 
> unix accounts AND will still have separate unix and windows 
> passwords.    If you use ldap there will be separate fields for the 
> different passwords.     If you configure password sync it should appear 
> to the users that they have a single password.   (i.e. they change the 
> password in Windows or with smbpassword the unix password should also 
> change.)
> If you really want a single password I think your options are as follows-
>      Configure unix logons  to use windbind authentication (ie. 
> authenticate using the samba/windows password.)
>      Use kerberos for unix and samba.
> But that may not resolve your concerns with Samba writing to LDAP.
> So if you only have one samba machine  and only a few users you may 
> still want to stick to the TDB backend for the windows account info. 
> Samba will still match the unix name to the windows name either way.

OK, it looks like that is what I am stuck with.  I only *really* need
one or two users -- it is only for dealing with backups and posting some
files.  This seems to work I will just have to live with the potiental
issues of possible differing passwords if/when that happens -- it is
only two usernames at present.

Question: why can't samba just use UNIX's user authentication?  Is this
something in the way MS-Windows encrypts the password it sends over the
NetBIOS protocol?  Or is there some other issue going on?

Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller at deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/

More information about the samba mailing list