[Samba] winbind, pam_stack and debian

Andrew Bartlett abartlet at samba.org
Sun Aug 3 01:29:56 GMT 2003

On Fri, 2003-08-01 at 17:30, Markus Amersdorfer wrote:
> On 01 Aug 2003 11:27:32 +1200
> Brent Addis <brent.addis at roamad.com> wrote:
> > Im trying to get a samba pc reading passwords off a windows pdc for
> > authorising user shares.
> > 
> > The howtos all say to use pam_stack.so for this however it does not
> > exist in debian (its a redhat thing).
> > 
> > is there a workaround for this?
> AFAIR "libpam-smb" does what you want.

No, you don't want that...

PAM can only deal with plaintext passwords, and pam_smb is even worse,
as it takes no measures to ensure it is actually talking to the real DC
in the process...

For unix logins, pam_winbind and winbindd are a good combination.  For
SMB logins (to file shares) set Samba into 'security=domain' and join
the domain.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030803/adb5a58d/attachment.bin

More information about the samba mailing list