Samba-3 implements a new capability to work concurrently with multiple account backends. The possible new combinations of password backends allows Samba-3 a degree of flexibility and scalability that previously could be achieved only with MS Windows Active Directory (ADS). This chapter describes the new functionality and how to get the most out of it.

The three passdb backends that are fully maintained (actively supported) by the Samba Team are: smbpasswd (being obsoleted), tdbsam (a tdb-based binary file format), and ldapsam (LDAP directory). Of these, only the ldapsam backend stores both POSIX (UNIX) and Samba user and group account information in a single repository. The smbpasswd and tdbsam backends store only Samba user accounts.

In a strict sense, there are three supported account storage and access systems. One of these is considered obsolete (smbpasswd). It is recommended to use the tdbsam method for all simple systems. Use ldapsam for larger and more complex networks.

In a strict and literal sense, the passdb backends are account storage mechanisms (or methods) alone. The choice of terminology can be misleading, however we are stuck with this choice of wording. This chapter documents the nature of the account storage system with a focus on user and trust accounts. Trust accounts have two forms, machine trust accounts (computer accounts) and interdomain trust accounts. These are all treated as user-like entities.