| 1 | <samba:parameter name="passdb backend"
|
|---|
| 2 | context="G"
|
|---|
| 3 | type="string"
|
|---|
| 4 | constant="1"
|
|---|
| 5 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 6 | <description>
|
|---|
| 7 |
|
|---|
| 8 | <para>This option allows the administrator to chose which backend
|
|---|
| 9 | will be used for storing user and possibly group information. This allows
|
|---|
| 10 | you to swap between different storage mechanisms without recompile. </para>
|
|---|
| 11 |
|
|---|
| 12 | <para>The parameter value is divided into two parts, the backend's name, and a 'location'
|
|---|
| 13 | string that has meaning only to that particular backed. These are separated
|
|---|
| 14 | by a : character.</para>
|
|---|
| 15 |
|
|---|
| 16 | <para>Available backends can include:
|
|---|
| 17 | <itemizedlist>
|
|---|
| 18 | <listitem>
|
|---|
| 19 | <para><command moreinfo="none">smbpasswd</command> - The old plaintext passdb
|
|---|
| 20 | backend. Some Samba features will not work if this passdb
|
|---|
| 21 | backend is used. Takes a path to the smbpasswd file as an
|
|---|
| 22 | optional argument.
|
|---|
| 23 | </para>
|
|---|
| 24 | </listitem>
|
|---|
| 25 |
|
|---|
| 26 | <listitem>
|
|---|
| 27 | <para><command moreinfo="none">tdbsam</command> - The TDB based password storage
|
|---|
| 28 | backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb
|
|---|
| 29 | in the <smbconfoption name="private dir"/> directory.</para>
|
|---|
| 30 | </listitem>
|
|---|
| 31 |
|
|---|
| 32 | <listitem>
|
|---|
| 33 | <para><command moreinfo="none">ldapsam</command> - The LDAP based passdb
|
|---|
| 34 | backend. Takes an LDAP URL as an optional argument (defaults to
|
|---|
| 35 | <command moreinfo="none">ldap://localhost</command>)</para>
|
|---|
| 36 |
|
|---|
| 37 | <para>LDAP connections should be secured where possible. This may be done using either
|
|---|
| 38 | Start-TLS (see <smbconfoption name="ldap ssl"/>) or by
|
|---|
| 39 | specifying <parameter moreinfo="none">ldaps://</parameter> in
|
|---|
| 40 | the URL argument. </para>
|
|---|
| 41 |
|
|---|
| 42 | <para>Multiple servers may also be specified in double-quotes.
|
|---|
| 43 | Whether multiple servers are supported or not and the exact
|
|---|
| 44 | syntax depends on the LDAP library you use.
|
|---|
| 45 | </para>
|
|---|
| 46 |
|
|---|
| 47 | </listitem>
|
|---|
| 48 | </itemizedlist>
|
|---|
| 49 |
|
|---|
| 50 | </para>
|
|---|
| 51 | Examples of use are:
|
|---|
| 52 | <programlisting>
|
|---|
| 53 | passdb backend = tdbsam:/etc/samba/private/passdb.tdb
|
|---|
| 54 |
|
|---|
| 55 | or multi server LDAP URL with OpenLDAP library:
|
|---|
| 56 |
|
|---|
| 57 | passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"
|
|---|
| 58 |
|
|---|
| 59 | or multi server LDAP URL with Netscape based LDAP library:
|
|---|
| 60 |
|
|---|
| 61 | passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
|
|---|
| 62 | </programlisting>
|
|---|
| 63 | </description>
|
|---|
| 64 |
|
|---|
| 65 | <value type="default">tdbsam</value>
|
|---|
| 66 | </samba:parameter>
|
|---|
