This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both smbpasswd and tdbsam to be used without a recompile. Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. This parameter is in two parts, the backend's name, and a 'location' string that has meaning only to that particular backed. These are separated by a : character. Available backends can include: smbpasswd - The default smbpasswd backend. Takes a path to the smbpasswd file as an optional argument. tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the directory. ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost) LDAP connections should be secured where possible. This may be done using either Start-TLS (see ) or by specifying ldaps:// in the URL argument. Multiple servers may also be specified in double-quotes, if your LDAP libraries supports the LDAP URL notation. (OpenLDAP does). nisplussam - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. mysql - The MySQL based passdb backend. Takes an identifier as argument. Read the Samba HOWTO Collection for configuration details. Examples of use are: passdb backend = tdbsam:/etc/samba/private/passdb.tdb \ smbpasswd:/etc/samba/smbpasswd or passdb backend = ldapsam:ldaps://ldap.example.com or passdb backend = ldapsam:"ldap://ldap-1.example.com \ ldap://ldap-2.example.com" or passdb backend = mysql:my_plugin_args tdbsam smbpasswd