Passdb Backends and Authentication
There have been a few new changes that Samba administrators should be
aware of when moving to Samba-3.
Encrypted passwords have been enabled by default in order to
interoperate better with out-of-the-box Windows client
installations. This does mean that either (a) a Samba account
must be created for each user, or (b) “encrypt passwords = no”
must be explicitly defined in
Inclusion of new
security = ads option for integration
with an Active Directory domain using the native Windows Kerberos 5 and LDAP protocols.
Samba-3 also includes the possibility of setting up chains of authentication methods (
auth methods) and account storage backends (
passdb backend). Please refer to
smb.conf man page and
Account Information Databases, for
details. While both parameters assume sane default values, it is likely that you will need to understand what
the values actually mean in order to ensure Samba operates correctly.
Certain functions of the
tool have been split between the
tool, and the new
utility. See the respective man pages for details.