Authentification via PAM AND smbpasswd

olpa at sybcom.de olpa at sybcom.de
Wed Sep 6 07:30:59 GMT 2000


On Yesterday, Peter Samuelson wrote:

> Date: Tue,  5 Sep 2000 21:14:21 -0500 (CDT)
> From: Peter Samuelson <peter at cadcamlab.org>
> To: olpa at sybcom.de
> Cc: samba-ntdom at us4.samba.org
> Subject: Re: Authentification via PAM AND smbpasswd
> 
> 
> [olpa-samba at sybcom.de <olpa-samba at sybcom.de>]
> > I want to authenticate users against the NDS via PAM and use samba
> > TNG as a PDC.
> 
> Can't have both.  The problem is that as a PDC, Samba needs to store NT
> password hashes and do its own authentication; it cannot use PAM,
> whether that be pam_ldap or anything else, because PAM is not quite
> flexible enough to allow for the necessary challenge-response from the
> application side.
> 
> Basically, a PDC must have `encryption = yes'....
> 
> What you need is for Samba to use a direct LDAP or NDS lookup, and
> store its own passwords in your NDS database.  This may be possible --
> Samba does have *some* LDAP support -- but I have no idea how to go
> about setting it up.
> 
> Peter


Hi,

I experienced a bit with SAMBA <-> LDAP and this will require the change
of the schema for the NDS. 

I thought more of something like

	password encryption for machines = yes
	password encryption for users    = no

and then, for the latter case use PAM (and thus NDS)

---
Running Windows on a Pentium is like having a brand new Porsche but only
be able to drive backwards with the handbrake on.
(Unknown source)
---
 Oliver Pabst             .-------------------------. 
 mailto:olpa at sybcom.de    :                         : 
 phone :+49 681 56600600  :    project department   :          SYBCOM GmbH  
 fax   :+49 681 56600660  :                         : http://www.sybcom.de                 





More information about the samba-ntdom mailing list