[Samba] Password syncing

James Cort james.cort at bediwin.co.uk
Mon Dec 9 03:53:03 MST 2013

On 9 Dec 2013, at 09:58, Daniel O'Connor <darius at dons.net.au> wrote:

> On 9 Dec 2013, at 19:35, James Cort <james.cort at bediwin.co.uk> wrote:
>> Yep - in broad terms, the secret is:
>> - Use LDAP as the backend and configure Samba as a domain controller.
> I have had LDAP working in the past but found it hopelessly fragile and over complicated.
> The default BDB backend for OpenLDAP would regularly cause OpenLDAP to segfault and required manually running the BDB recovery tools.

Can’t say I’ve had that problem myself - I’ve always found OpenLDAP to be solid as a rock as long as you use the tools it gives you to manage the database. 

I’d agree with your general description of it being a tad tedious - personally I would try and steer away from going anywhere near the database directly. Use smbldap-tools to manipulate the data in there and possibly something nice and simple like JXplorer if you need to examine what it’s storing. 

I haven’t got around to setting it up under Samba 4.x but were I to set up unified logins today, that would be what I’d do - this way you’ve already got pretty well all the backend stuff done for you and you can use Windows’ own inbuilt tools to manage things like user accounts.  Knock on wood the sernet packages seem to be okay, though I think we’re a long way from seeing a stable version of Samba 4 in RedHat or Debian Stable.

More information about the samba mailing list