[Samba] Samba file server using ldap backend without AD or PDC?

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Nov 30 07:22:17 MST 2012

Can you clarify one thing -  why are you using the sambaNTPassword in 
openldap if openldap is not currently used samba authentication?   I 
would have thought that you would use the standard password field.

I use Samba 3.x DC's with an ldap back end.   I also use the ldap 
backend for unix authentication as well as authentication to various 
other systems that support LDAP authentication.       If you are using 
one or more BDC's you really do have to use an LDAP back end.  But there 
is no reason why member server's can use an LDAP backend.      If the 
underlying unix account for each samba account is in /etc/passwd and not 
LDAP, you should consolidate it all into LDAP.

Do the sambaNTPassword (and other samba attributes)  in LDAP match those 
in the tdb backend?    You may find you want to blast away the existing 
sambaNTPassword entries in LDAP before  you migrate the TDB data to LDAP.

On 11/30/12 08:28, Brian Gold wrote:
> Hi all,
> I've been using samba for a few years now on a couple of file servers with a
> tdbsam backend for our user accounts. We use openldap for the vast majority
> of our identity management, so I would love to be able to tie into this. We
> recently started using sambaNTPassword in openldap for radius
> authentication, so this is populated for most of our users now.
>  From reading through some of the documentation though, I'm a bit confused as
> to how this would be implemented. We don't currently have Active Directory
> and don't have any samba PDC/BDCs set up. Would it be necessary for us to
> have a PDC/BDC in order to use openldap as our backend?
> Thanks,
> Brian

More information about the samba mailing list