[Samba] stand-alone server with ldap-auth without AD

Rowland Penny rpenny at samba.org
Wed Mar 23 17:02:36 UTC 2022

On Wed, 2022-03-23 at 12:53 -0400, Gaiseric Vandal via samba wrote:
> You need to have an account on the LDAP server that samba can use to
> read user information including the Windows password field. Then you
> need to configure smb.conf with the server name, the search path, the
> ldap name and password.
> I think what is going to be a problem is that the "NT4" Windows
> password requires a separate password field than the regular LDAP
> password, and keeping the 2 in sync will be a challenge. The client
> machines will be sending a hash of the user password to the server
> (rather than "plaintext" password over TLS.) In fact the schema on the
> LDAP server may need to be extended.

If a new NT4-style machine is being set up, you should be aware that
they rely on SMBv1 and this is going away. You could end up within a
year or two having to upgrade again or use an older version of Samba.

