[Samba] Samba and Ldap

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Jun 24 07:16:08 MDT 2011

The user's unix LDAP password should be encrypted (technically I think 
it is actually hashed, since it is not reversible)-  so no, you can't 
get their existing password.

There are two options in smb.conf to have the password sync

     ldap passwd sync = yes


         unix password sync = yes

I have ldap backend for linux and samba passwords, but initally had NIS 
for unix and TDB for samba.   I use the "unix password sync" option 
partially as a legacy hold over of the previous backend.

I therefore also set
             passwd program = /etc/samba/smbldappasswd.sh %u
             passwd chat =*New* %n\n *changed*

Samba passes the new "windows" password to the external script which 
uses the sun ldappasswd command to change the user's unix script.    You 
can't just use the "passwd" command since the local root account on a 
unix server is not the LDAP admin user.

The " ldap passwd sync = yes" would probably have been cleaner.

On 06/24/2011 05:36 AM, thom_schu at gmx.de wrote:
> Hi,
> all the users here are stored in a LDAP-Server, means authentication on a workstation (linux) is over LDAP. Yesterday I configured a Samba-Server, it also uses the LDAP-Server as its backend.
> I found out, that with a call "smbpasswd -a user" an existing user gets all the attributes from the sambaSamAccount automaticly.
> But here is my first question - for this call I need to know the users password, is there a way, so that I can use the users password already saved in LDAP as the unix account password ?
> Another question.
> When a user calls "passwd" on a workstation, now only the passwordfield in LDAP for the unix account will be changed. But I want to keep unix account password and samba password synchron - is this possible with calling "passwd" ?
> thanks
> gizmo

More information about the samba mailing list