Authentification via PAM AND smbpasswd

olpa at olpa at
Wed Sep 6 07:30:59 GMT 2000

On Yesterday, Peter Samuelson wrote:

> Date: Tue,  5 Sep 2000 21:14:21 -0500 (CDT)
> From: Peter Samuelson <peter at>
> To: olpa at
> Cc: samba-ntdom at
> Subject: Re: Authentification via PAM AND smbpasswd
> [olpa-samba at <olpa-samba at>]
> > I want to authenticate users against the NDS via PAM and use samba
> > TNG as a PDC.
> Can't have both.  The problem is that as a PDC, Samba needs to store NT
> password hashes and do its own authentication; it cannot use PAM,
> whether that be pam_ldap or anything else, because PAM is not quite
> flexible enough to allow for the necessary challenge-response from the
> application side.
> Basically, a PDC must have `encryption = yes'....
> What you need is for Samba to use a direct LDAP or NDS lookup, and
> store its own passwords in your NDS database.  This may be possible --
> Samba does have *some* LDAP support -- but I have no idea how to go
> about setting it up.
> Peter


I experienced a bit with SAMBA <-> LDAP and this will require the change
of the schema for the NDS. 

I thought more of something like

	password encryption for machines = yes
	password encryption for users    = no

and then, for the latter case use PAM (and thus NDS)

Running Windows on a Pentium is like having a brand new Porsche but only
be able to drive backwards with the handbrake on.
(Unknown source)
 Oliver Pabst             .-------------------------. 
 mailto:olpa at    :                         : 
 phone :+49 681 56600600  :    project department   :          SYBCOM GmbH  
 fax   :+49 681 56600660  :                         :                 

More information about the samba-ntdom mailing list