[Samba] Delegate Samba4 user authentication to an external LDAP server

Rowland Penny rowlandpenny at googlemail.com
Tue Mar 3 11:41:59 MST 2015

On 03/03/15 18:29, Mario Pio Russo wrote:
> Hi Rowland
> yes you got it right, I have a samba 4 installation and I'd like to
> delegate the authentication to an external ldap server.
> I have noticed that in samba 4 we do not have the attribute "password", so
> my question is:
> if I use Samba4+Openldap (as backend) and in OpenLdap I manually add the
> attribute "password" to each user entry, and password as a link to SASL
> {SASL}username at externalldap.com , do you think that this would work? sorry
> but I have not much knowledge of how samba stores its passwords.
> thanks

OK, if you use samba 4 plus Openldap, you will not have an AD based
system, so you will need to set it up just like a samba3 NT PDC. There
are numerous howtos out there on the web.

Now, seeing as where you are posting from, you will probably not like
this, but have you considered dumping the AIX server and going entirely
AD? You could then probably authenticate to the samba AD DC via Kerberos.

