[Samba] How to use ldapsam only for authentication?

Rowland penny rpenny at samba.org
Thu Jan 28 21:51:51 UTC 2016

On 28/01/16 21:30, Meike Stone wrote:
> Hello,
>> As far as I understood you are using ldapsam only when Samba is running as
>> AD domain controller.
> it is only a standalone server, no sid/gid (mapping) needed. All users
> and groups are local (passwd/groups) maintained.

If all your users & groups are only local users & groups, then they are 
unknown to Samba. For your windows users to connect to a samba share, 
they must be known to Samba *and* for them to be able to read & write to 
the share on the Unix machine, they must be known to the Unix OS, this 
is the main problem with a windows workgroup, along with having to keep 
*all* the passwords in sync. Why do you think microsoft went to all the 
trouble of creating AD? You have all your users in one place with one 
password. You can setup a workgroup that uses passwords if you want, but 
you will need to set it up correctly. If you want to setup a Samba 
server without passwords, try reading this:



More information about the samba mailing list