PAM support in 2.0.x and TNG
Mayers, Philip J
p.mayers at ic.ac.uk
Mon Aug 7 08:37:09 GMT 2000
You're confusing PAM and NSS I think. Samba will only use PAM if "encrypted
passwords = no". Since you're talking about machine accounts, and hence
domain controllers, "encrypted passwords = yes" is required. Hence, samba
doesn't ever receive the clear text password, and PAM is useless to Samba.
The NSS on the other hand (which is responsible for name ->
uid/gid/homedir/shell mappings) on Solaris and Linux at least, is used just
like in any other program. When a connection is made, samba does a
getpwname(login_name_after_NT_to_UNIX_mapping) to get the uid/gid/secondary
groups to switch down to from root.
I'm not really following what you want to do, but suffice to say that
provided you have PAM_ldap and NSS_ldap set up correctly, you can put
accounts wherever you like. The (old) LDAP support in Samba is a little more
picky though, especially if you create the accounts using "smbpasswd -a", or
the samedit equivalent.
Regards,
Phil
+----------------------------------+
| Phil Mayers, Network Support |
| Centre for Computing Services |
| Imperial College |
+----------------------------------+
-----Original Message-----
From: Matthew Geddes [mailto:mgeddes at xavier.sa.edu.au]
Sent: 07 August 2000 01:16
To: Multiple recipients of list SAMBA-NTDOM
Subject: PAM support in 2.0.x and TNG
Hi,
Can anyone confirm to what extent PAM is supported in Samba? I know that
it checks PAM for the Unix account for users, but does it do this for
machine accounts?
I'm running RedHat Linux and PAM_LDAP quite nicely and want to be able
to store machine accounts in their own little part of the directory ;-).
Thanks,
Matt
--
Matthew Geddes
Network Manager
Xavier College
Gawler, SA
More information about the samba-ntdom
mailing list