pam_smb vs. pam_ntdom

Celso Kopp Webber webber at
Thu Aug 13 00:08:18 GMT 1998


    I downloaded pam_smb and pam_ntdom from the main
samba ftp site, with the intent of replacing my Unix passwords
totally by NT passwords.

    In fact, both pam_smb and pam_ntdom work very well,
so that now I can use NIS to share users information, such
as home dirs, etc., without the fear of having my passwd or
shadow files stolen by an evil user. (I know that the LANMAN
passwords are VERY weak! Let's wait for MS LMFIX).

    I would like if is there any advantage of using pam_ntdom
instead of pam_smb. If I use pam_ntdom, I must "join" my
samba workstations to my PDC. This is a problem for me,
since they dual boot WinNT Workstation and Linux.

    Once I make NT WKS join my Samba PDC domain,
when I reboot the machine to Linux, samba can't join the
domain, unless I go to the samba server and change the
default password of the machine (to MACHINE). This time,
NT WKS can't participate in the domain anymore, because
when samba was the workstation, it changed the password
to something different of that stored on the NT client.

    Sorry for this long message, but in short, what are the
advantages I have if I use security=domain, instead of
security=server (similar to choosing between pam_ntdom
and pam_smb, respectively).

    Thanks in advance,


More information about the samba-ntdom mailing list