Samba vs PAM (authentication against NDS)

[Peter Samuelson]

[Marek Les]
> Hmm.. I am not sure about this, maybe you can explain it to me.. if I
> have a Novell Client installed in Windows 95 (with password
> encrypting enabled) and I log in the Novell Server through NDS I
> don't send any LanManger hashed password, don't I ?

When you do that, you are not using SMB, you are using Novell's
protocol, probably over IPX/SPX.  A completely different animal, and
something Samba is not designed to do.  That's why, at the Windows end,
you need a separate "Novell client" rather than just using the "client
for Microsoft networks".

There does exist Novell-compatible file server software for
Linux/Unix.  I don't have any idea if it supports pass-through
authentication to a directory server.

> Well I managed to get NDS authenticating working _locally_ .. That 
> means I can login via smbclient from the same computer using the 
> password in NDS. However I fail to do even 'net view \\server' from 
> Windows, I'm getting Error 86 : Wrong password..

You mean you can get NDS authentication even with "encryption = yes"?
I would expect this to only work if you set "encryption = no".  In
which case you also need to apply the registry hack to your Windoze
clients.

> I don't get the point right now.. well, the goal of all this is to
> have all the accounts handled _globaly_ , easily and comfortably from
> the Novell NDS, which has a really very nice way of handling such
> things. What's the problem of changing the password in NDS?

OK, as long as the Samba server is not involved in the password change
operation, it should work fine.

Peter