[Samba] Delegate Samba4 user authentication to an external LDAP server

Andrew Bartlett abartlet at samba.org
Tue Mar 10 12:02:02 MDT 2015

On Tue, 2015-03-10 at 10:46 +0000, Mario Pio Russo wrote:
> thanks for your answer, I cannot do the reverse authentication
> unfortunately. Everything has to work as I have described. Furthermore I
> cannot change my external trust authority for authentication. From this
> thread it looks like the only option is to use local password for the
> Samba4 domain users, which add some complexity when managing IDs (and above
> all passwords), as a single user might have different ids/password in the
> Samba4 domain and the LDAP one.
> I've read few other threads about using OplenLdap as backend of Samba4 AD
> DC, seemingly there was a project to integrate OpenLdap within Samba4 AD
> DC, do you know if there is any progress in that direction?

Even if it were to succeed, it wouldn't help you, as it still requires
Samba to hold the passwords.  It is about changing the DB engine, not
the authentication model. 


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list