[Samba] "passwd program" in samba4
samba at marc-muehlfeld.de
Fri May 17 08:50:11 MDT 2013
Am 17.05.2013 15:30, schrieb Tomasz D.:
> We encounter the same problem. For over 10 years we've been using Samba (2,
> then 3) with OpenLDAP (and then 389 DS) backend. We have perfectly working
> LDAP environment with replication, well tuned, with many additional
> attributes and with a lot of non-samba related services (email, mailing
> list, address book, user specific data). For all that time we had
> comfortable situation, that the users had to remeber just one password.
> And now, if I understand the situation correctly, there is no way to keep
> the password synchronized between Samba4 and external LDAP. I don't need to
> authenticate samba against external LDAP, but I want to somehow trigger
> password change in LDAP in case of changing it in Windows, and vice-versa.
> And I really think that migration of our well known and fully functional
> LDAP system, which is the core of our environment, is not the best and
> proper way.
I don't know your environment, so maybe the following doesn't fit for
Before I moved our production to Samba4 last autumn, we had about 25
services (postfix, cyrus, apache, addressbooks, etc.) hooked up to our
openLDAP backend for authentication and as source for information. But
for all I found great ways to have everything in sambas AD (ldap). And
the good thing is: I can administrate now everything in ADUC with just
For the additional attributes (phone, mail, what ever) I wrote a small
script, that transfers them to AD.
And for your DMZ (mailserver, etc.) you don't need to have a replicated
Samba-DC with all it's services. I use an openLDAP proxy for that.
Most of my experiences and how to set them up, I wrote down here:
If you post some information about your environment, maybe there are
good other ways to bring all your services up to Samba 4.
More information about the samba