using ldap to authenticate samba accounts

[Will Schleter]

I've perused the various resources about integrating samba and LDAP,
but I haven't been able to determine how to do the following:

I'd like to set up samba to authenticate against an LDAP server,
but only to validate the password. I don't control the LDAP server, and I
don't mind creating local user accounts and configuration files, but it
isn't clear how I configure samba to check just the password.


Here is what I tried:

Rebuild samba with the following option
--with-pam

add to top of /etc/pam.d/samba
auth       sufficient   /lib/security/pam_ldap.so

add or modify entries in /etc/samba/smb.conf
encrypt passwords = no
obey pam restrictions = yes

This did not work, and no matter what log level I ran at, I couldn't trace
down the problem.

Can anybody tell me if this possible and perhaps point me in the right
direction? I don't even mind modifying the source slightly, if I can just
get started in the right direction.

Running Redhat 7.1 and Samba 2.2.5 (can upgrade if necessary)
Don't know much about the LDAP server, but I have the configuration info
and can successfully use PAM_LDAP to authenticate linux logins.

Thanks in advance

Will Schleter
wschleter at utk.edu