[Samba] Samba4 UNIX password sync

Rowland Penny rowlandpenny at googlemail.com
Fri Nov 14 10:27:35 MST 2014

On 14/11/14 16:49, Rob Mason wrote:
>   Hi List,
> I am trialling a small Samba4 AD server supporting 10 users (running
> fine).  I also have exim smtp and dovecot imap running on the same
> Debian Wheezy box.  Simplistically, what I would like to achieve is for
> an AD user account to also authenticate to imap and smtp using the same
> credentials. I previously used Samba3 'unix password sync' to ensure
> that any domain users automatically had a unix account created.  This
> doesn't seem supported any more?

In the 'Good old days' you had Unix users & Windows users, and if a 
Windows user connected to a Unix box, they also had to be Unix users; 
this is where 'unix password sync' came in. Now, with a Samba4 AD DC, 
you just have domain users. You need to find out how to get exim & 
dovecot to auth to AD; a quick Google turned this up: 

If you are going to use S4 AD, I would suggest that you follow the 
advised route and just use the AD server for auth and install a separate 
member server.

> I believe I now need winbind to support this?  If so, then
> "https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server"
> doesn't work on my Debian Wheezy box - I don't see libnss_winbind.so on
> my system.   And 'apt-get install winbind' says I'm already on the
> latest version...
> Anyone any pointers on the best approach?
> smb.conf:
> # Global parameters
> [global]
>          workgroup = ACASTA
>          realm = ACASTA.INTRA
>          netbios name = KEPLER
>          server role = active directory domain controller
>          dns forwarder =
>          idmap_ldb:use rfc2307 = yes
> [netlogon]
>          path = /var/lib/samba/sysvol/acasta.intra/scripts
>          read only = No
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
