14.5. Samba Account Information Databases
The latest release of Samba offers many new features including new password database backends not previously available. Samba version 3.0.0 fully supports all databases used in previous versions of Samba. However, although supported, many backends may not be suitable for production use.
14.5.1. Backward Compatible Backends
- Plain Text
- Plain text backends are nothing more than the
/etc/passwd
type backends. With a plain text backend, all usernames and passwords are sent unencrypted between the client and the Samba server. This method is very insecure and is not recommended for use by any means. It is possible that different Windows clients connecting to the Samba server with plain text passwords cannot support such an authentication method. smbpasswd
- A popular backend used in previous Samba packages, the
smbpasswd
backend utilizes a plain ASCII text layout that includes the MS Windows LanMan and NT account, and encrypted password information. Thesmbpasswd
backend lacks the storage of the Windows NT/2000/2003 SAM extended controls. Thesmbpasswd
backend is not recommended because it does not scale well or hold any Windows information, such as RIDs for NT-based groups. Thetdbsam
backend solves these issues for use in a smaller database (250 users), but is still not an enterprise-class solution.Warning
This type of backend may be deprecated for future releases and replaced by thetdbsam
backend, which does include the SAM extended controls. ldapsam_compat
- The
ldapsam_compat
backend allows continued OpenLDAP support for use with upgraded versions of Samba. This option is ideal for migration, but is not required. This tool will eventually be deprecated.