[Samba] Password syncing

Daniel O'Connor darius at dons.net.au
Mon Dec 9 02:58:52 MST 2013


On 9 Dec 2013, at 19:35, James Cort <james.cort at bediwin.co.uk> wrote:
> Yep - in broad terms, the secret is:
> 
>  - Use LDAP as the backend and configure Samba as a domain controller.
>  - Configure Samba to use the smbldap-tools to update passwords.
>  - Configure Unix to authenticate against LDAP. (Look out, IME some Linux distributions won’t complete the startup process if they can’t communicate with their LDAP server, assuming you’ve configured them per the distro recommendations. You should test that you can boot your LDAP and DNS server in a scenario where nothing else is working, otherwise you can wind up in a situation where your boot process has circular dependencies).
> 
> Every one of these must be set up and working properly in order for it to work, but once that’s done it works just fine. Is there anything in particular you’re having trouble with?

I have had LDAP working in the past but found it hopelessly fragile and overcomplicated.

The default BDB backend for OpenLDAP would regularly cause OpenLDAP to segfault and required manually running the BDB recovery tools.

Not to mention the, uh.. 'enterprise' nature of LDAP means it is pretty tedious to work with directly.

Perhaps things have changed now and OpenLDAP has a sane backend but it was a pretty terrible experience I'd rather not repeat.

I do have Samba set up to do password syncing but it refuses to change its own password (but says so after it changes the Unix password, which seems pretty broken!). I sent an email about that a couple of days ago.

What LDAP server do you use?

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C