14.5. Samba Account Information Databases
The latest release of Samba offers many new features including new password database backends not previously available. Samba version 3.0.0 fully supports all databases used in previous versions of Samba. However, although supported, many backends may not be suitable for production use.
14.5.1. Backward Compatible Backends
- Plain Text
- Plain text backends are nothing more than the
/etc/passwdtype backends. With a plain text backend, all usernames and passwords are sent unencrypted between the client and the Samba server. This method is very insecure and is not recommended for use by any means. It is possible that different Windows clients connecting to the Samba server with plain text passwords cannot support such an authentication method.
- A popular backend used in previous Samba packages, the
smbpasswdbackend utilizes a plain ASCII text layout that includes the MS Windows LanMan and NT account, and encrypted password information. The
smbpasswdbackend lacks the storage of the Windows NT/2000/2003 SAM extended controls. The
smbpasswdbackend is not recommended because it does not scale well or hold any Windows information, such as RIDs for NT-based groups. The
tdbsambackend solves these issues for use in a smaller database (250 users), but is still not an enterprise-class solution.
WarningThis type of backend may be deprecated for future releases and replaced by the
tdbsambackend, which does include the SAM extended controls.
ldapsam_compatbackend allows continued OpenLDAP support for use with upgraded versions of Samba. This option is ideal for migration, but is not required. This tool will eventually be deprecated.