[Samba] Samba, OpenLDAP and Passwords

Francesco Storti francesco.storti at gmail.com
Thu Oct 13 04:46:13 MDT 2011

I have an existing OpenLDAP directory, that I want to use as the backend for
a Samba 3 instance.
I do not want for now making Samba a Domain Controller, but only define in
it some shares accessible by users on LDAP.
I have imported in my slapd.conf the samba schema, and I have inserted in my
smb.conf all the directives for connecting to an LDAP server:

passdb backend = ldapsam:ldaps://slap1.xxxx.xx
ldap suffix = dc=xxxx,dc=xx
ldap admin dn = "cn=admin,dc=xxxx,dc=xx"
ldap delete dn = No
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap password sync = yes

I have defined the admin password with the smbpasswd utility, and everything
is working.
If I want that a LDAP user uses Samba, I have to use again the smbpasswd
utility for adding him to the samba users and defining a new password that
will be the LDAP attribute SambaNTPassword (and the new password overwrites
the LDAP userPassword, thanks to the "ldap password sync = yes" directive in
If I want to permit that a user can change his LDAP userPassword and align
it to the SambaNTPassword, I have seen that I can do it by using the
smbk5pwd overlay and pam_password exop.
But I do not know a method for using the existing LDAP userPassword for
Samba authentication: I do not want that all the users have to redefine
their passwords.
Someone of you knows a way for doing that?
Thank you in advance

More information about the samba mailing list