14.5. Samba Account Information Databases
14.5.1. Backward Compatible Backends
- Plain Text
- Plain text backends are nothing more than the
/etc/passwdtype backends. With a plain text backend, all usernames and passwords are sent unencrypted between the client and the Samba server. This method is very insecure and is not recommended for use by any means. It is possible that different Windows clients connecting to the Samba server with plain text passwords cannot support such an authentication method.
- A popular backend used in previous Samba packages, the
smbpasswdbackend utilizes a plain ASCII text layout that includes the MS Windows LanMan and NT account, and encrypted password information. The
smbpasswdbackend lacks the storage of the Windows NT/2000/2003 SAM extended controls. The
smbpasswdbackend is not recommended because it does not scale well or hold any Windows information, such as RIDs for NT-based groups. The
tdbsambackend solves these issues for use in a smaller database (250 users), but is still not an enterprise-class solution.
WarningThis type of backend may be deprecated for future releases and replaced by the
tdbsambackend, which does include the SAM extended controls.
ldapsam_compatbackend allows continued OpenLDAP support for use with upgraded versions of Samba. This option is ideal for migration, but is not required. This tool will eventually be deprecated.