PAM-NTDOM: Compile Errors

Elrond elrond at
Sat Jul 8 14:52:27 GMT 2000

On Sat, Jul 08, 2000 at 11:48:12PM +1000, Paul J Collins wrote:
> >>>>> "Gerald" == Gerald Carter <gcarter at> writes:
>     Gerald> On Sat, 8 Jul 2000, Elrond wrote:
>     >> I somehow remember, for pam_ntdom to work, you must run
>     >> netlogond localy or somesuch... Take a look at
>     >> pam_ntdom/README
>     Gerald> I'm sorry, but that is just bad.  Was that Luke's idea?
>     Gerald> That makes pam_ntdom unusable. :-( A PAM module should not
>     Gerald> require you to turn your machine into a server.
> You're not turning your machine into a server.  All NT boxes
> (Workstations and Servers) run NETLOGON.EXE as a service that
> WINLOGON.EXE (in conjunction with MSGINA.DLL) communicates with when
> you log on to a domain.
> Complaining about having to run netlogond to log on to an NT domain is
> like complaining about having to run ypbind to log on to an NIS
> domain.
> In addition, netlogond is around 119K in size on my box.  Do you
> really want a pam module of that size being loaded for every login?
> Paul.

Thanks for the explanations,

I've just started to read around in pam_ntdom. And it looks
like one needs to run netlogond and lsarpcd, because
netlogond is used to forward (or answer) the request, and
lsarpcd stores the secrets for the secure-channsl to the
remote domains.

And for winbindd/pam from a realy quick glance, it looks
like one needs lsarpcd at least.


More information about the samba-ntdom mailing list