passdb backend (G) This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both smbpasswd and tdbsam to be used without a recompile. Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. Experimental backends must still be selected (eg --with-tdbsam) at configure time. This parameter is in two parts, the backend's name, and a 'location' string that has meaning only to that particular backed. These are separated by a : character. Available backends can include: smbpasswd - The default smbpasswd backend. Takes a path to the smbpasswd file as an optional argument. smbpasswd_nua - The smbpasswd backend, but with support for 'not unix accounts'. Takes a path to the smbpasswd file as an optional argument. See also non unix account range tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory. tdbsam_nua - The TDB based password storage backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory. See also non unix account range ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost) ldapsam_nua - The LDAP based passdb backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to ldap://localhost) Note: In this module, any account without a matching POSIX account is regarded as 'non unix'. See also non unix account range LDAP connections should be secured where possible. This may be done using either Start-TLS (see ldap ssl) or by specifying ldaps:// in the URL argument. nisplussam - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. plugin - Allows Samba to load an arbitary passdb backend from the .so specified as a compulsary argument. Any characters after the (optional) second : are passed to the plugin for its own processing unixsam - Allows samba to map all (other) available unix users This backend uses the standard unix database for retrieving users. Users included in this pdb are NOT listed in samba user listings and users included in this pdb won't be able to login. The use of this backend is to always be able to display the owner of a file on the samba server - even when the user doesn't have a 'real' samba account in one of the other passdb backends. This backend should always be the last backend listed, since it contains all users in the unix passdb and might 'override' mappings if specified earlier. It's meant to only return accounts for users that aren't covered by the previous backends. Default: passdb backend = smbpasswd unixsam Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam Example: passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam Example: passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb