[Samba] samba with pam: ad accounts ok, local ones not

alex.blackbit alexander.huemer at sonydadc.com
Fri Jun 27 13:05:33 GMT 2008 



Ryan Bair wrote:
> 
> Did you create NT passwords for the local users with smbpasswd -a?
> 
> Also, why is your security setting on share? That seems a bit odd for
> AD integration.
> 
> --Ryan
> 
> On Thu, Jun 26, 2008 at 6:06 AM, alex.blackbit
> <alexander.huemer at sonydadc.com> wrote:
>>
>> hi,
>>
>> my smb.conf looks like this:
>>
>>        ...
>>        security = share
>>
>>        update encrypted = yes
>>        encrypt passwords = no
>>        ...
>>
>> /etc/pam.d/samba:
>>
>>        #%PAM-1.0
>>        auth       required     pam_nologin.so
>>        auth       required     pam_stack.so service=system-auth
>>        account    required     pam_stack.so service=system-auth
>>        session    required     pam_stack.so service=system-auth
>>        password   required     pam_stack.so service=system-auth
>>
>>
>> pam is configured so that local and active directory accounts can login
>> (e.g. with ssh).
>> samba works correctly with ad accounts, but does not with local accounts.
>> what could be the problem?
>>
>> thanks for the help.
>> --
>> View this message in context:
>> http://www.nabble.com/samba-with-pam%3A-ad-accounts-ok%2C-local-ones-not-tp18130507p18130507.html
>> Sent from the Samba - General mailing list archive at Nabble.com.
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 

in the current setup i have "security = user" and "encrypt passwords = yes",
but now i get "NT_STATUS_NO_SUCH_USER" in the client log file on the samba
server with "log level = 3" when i try to log in with a PAM account.
it seems like PAM stuff does not work this way. what could i have done
wrong?
and please answer the following question:
under which circumstances does a user need to have been added with
"smbpasswd -a" ? and under which not?
i can still login to the machine directly over pam using both local and
remote accounts.

thanks for the support
let's forget about the local
-- 
View this message in context: http://www.nabble.com/samba-with-pam%3A-ad-accounts-ok%2C-local-ones-not-tp18130507p18154829.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list