[Samba] "passwd program" in samba4

Marc Muehlfeld samba at marc-muehlfeld.de
Fri May 17 08:50:11 MDT 2013

Hello Tomasz,

Am 17.05.2013 15:30, schrieb Tomasz D.:
> We encounter the same problem. For over 10 years we've been using Samba (2,
> then 3) with OpenLDAP (and then 389 DS) backend. We have perfectly working
> LDAP environment with replication, well tuned, with many additional
> attributes and with a lot of non-samba related services (email, mailing
> list, address book, user specific data). For all that time we had
> comfortable situation, that the users had to remeber just one password.
> And now, if I understand the situation correctly, there is no way to keep
> the password synchronized between Samba4 and external LDAP. I don't need to
> authenticate samba against external LDAP, but I want to somehow trigger
> password change in LDAP in case of  changing it in Windows, and vice-versa.
> And I really think that migration of our well known and fully functional
> LDAP system, which is the core of our environment, is not the best and
> proper way.

I don't know your environment, so maybe the following doesn't fit for 
your situation.

Before I moved our production to Samba4 last autumn, we had about 25 
services (postfix, cyrus, apache, addressbooks, etc.) hooked up to our 
openLDAP backend for authentication and as source for information. But 
for all I found great ways to have everything in sambas AD (ldap). And 
the good thing is: I can administrate now everything in ADUC with just 
one tool.

For the additional attributes (phone, mail, what ever) I wrote a small 
script, that transfers them to AD.

And for your DMZ (mailserver, etc.) you don't need to have a replicated 
Samba-DC with all it's services. I use an openLDAP proxy for that.

Most of my experiences and how to set them up, I wrote down here:

If you post some information about your environment, maybe there are 
good other ways to bring all your services up to Samba 4.


More information about the samba mailing list