[Samba] Setting up PDC with PAM

Paul Cabot cabotp at intergate.ca
Mon Mar 10 06:09:11 GMT 2003

According to the documentation on setting up Samba to be a PDC.  It says 
that you have to enable encrypted passwords for it to work!

Now for Samba with PAM to work the documentation says that you can't 
have encrypted passwords enabled!

So does that mean that I can't set up Samba has a PDC and use PAM to 
authenticate the users!

Reason I ask is I did have Samba set up as a PDC with 3 windows client 
computers, 2 with Windows 2000, one with Windows XP!

I then deciced to try and use PAM so I went into the registry of the 3 
clients and set it to enableplaintextpasswords = 1

And I set Samba to plain text passwords and to obey pam restrictions!

Pam now works Ie if I change the password with smbpasswd the unix 
password is changed as well!

But the problem I'm having is!

When a I logon to the domain, My username and Password are excepted but 
then I get a message on windows saying that it couldn't access my 
profile and will use a local profile, also it mentions that the username 
and password might not be correct!  Once I have the windows desktop I 
can't access my home network drive (The one that you set Samba to), but 
if I go into the network area and access the domain there and then 
access the server it asks for my username and password and voila it 
works I can access the profiles and home shares!

Here is my smb.conf file

	workgroup = DOMAIN
	netbios name = CABOTP
	server string = Samba Server %v %h
	obey pam restrictions = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
	username map = /etc/samba/smbusers
	unix password sync = Yes
	log level = 1
	log file = /var/log/samba/%m.log
	max log size = 50
	time server = Yes
	printcap name = lpstat
	logon script = %U.vbs
	logon path = \\%L\Profiles\%U
	logon drive = Z:
	logon home = \\%L\%U
	domain logons = Yes
	os level = 64
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	hosts allow =,
	printing = lprng

	comment = Home Directories
	valid users = %S
	admin users = root,paul
	read only = No
	create mask = 0664
	directory mask = 0775
	strict allocate = Yes
	strict locking = Yes

	comment = Network Logon Service
	path = /var/spool/samba/netlogon
	write list = root

	path = /var/spool/samba/profiles
	read only = No
	csc policy = disable

More information about the samba mailing list