[Samba] Samba with OpenLDAP (not a DC)

Rowland Penny rpenny at samba.org
Fri Nov 9 19:10:35 UTC 2018

On Fri, 9 Nov 2018 12:34:16 -0600
dee heffem <dheffem at gmail.com> wrote:

> On 11/9/18 11:31 AM, Rowland Penny via samba wrote:
> <snip>
> > 
> > Did you run smbpasswd -w <ldap-password> ?
> That part appeared to be under the the "optional"
> section so I did not. I will add that along with the
> samba schema as you mention.

Both are not optional, Samba will not work without them.

> With write access to the Directory, what attributes does samba
> update?  I'm concerned that our SASL passthrough attributes
> may throw a wrench in the works.  If samba tries to update that
> attribute with a password from the Linux end (password sync?)
> we might have troubles elsewhere with logins.

It will update whatever you ask it to. You do realise that a Samba DC
doesn't need to sync passwords with anything else, it where you
authenticate from.

There have been numerous reports of problems with NT4-style domains and
windows 10 i.e. they just don't work any more, so I would seriously
think hard before setting up a new LDAP based Samba server.

More information about the samba mailing list