status of pam_ntdom, or is it winbind?

Phil Mayers p.mayers at
Fri May 19 11:11:39 GMT 2000

Right. There are two components:

1) A PAM module which handles the password checking. This was called
pam_ntdom, but I think it was renamed to pam_winbind, along with some
functionality changes. I could be wrong, they might be seperate PAM
modules which do the same thing, but either way..

2) An NSS module called winbind. This consists of the usual shared
library and:

passwd: files winbind
group: files winbind

in /etc/nsswitch.conf. Then, a daemon (winbindd IIRC) that does all the
work (connection to the domain, etc) and the .so communicates with it
through a named pipe.

I believe these exist in TNG and HEAD at the moment, although they're
not built be default - I think it's "make bin/nsswitch" to build them.
There isn't a lot of documentation, but I think there are several
options in smb.conf which are documented in the man page, and maybe even
a readme!

I'm busy at the moment, so haven't looked at it - this is all garnered
from reading CVS commit messages. If anyone gets it to work, document
what you did and let us all know.


Matthew Geddes wrote:
> Richard, you appear to have misunderstood the question.
> It would appear that he was after the status of the PAM
> stuff. \"to authenticate users on Unix via an NT
> Domain?\".
> Dan Shearer was telling us the other night that it\'s now
> possible to do the following on PAM-based systems:
> login: NT_DOMAIN\\Domain_User
> password: NT_password
> as well as things like chown and ls -l working.
> Can anybody point myself and Edward Schernau in the
> right direction?
> Thanks,
> Matt

More information about the samba-ntdom mailing list