[Samba] Setting up PDC with PAM
abartlet at samba.org
Tue Mar 11 11:43:22 GMT 2003
On Mon, 2003-03-10 at 17:09, Paul Cabot wrote:
> According to the documentation on setting up Samba to be a PDC. It says
> that you have to enable encrypted passwords for it to work!
> Now for Samba with PAM to work the documentation says that you can't
> have encrypted passwords enabled!
Correct, for authentication. The 'obey pam restrictions' is about
'account' and 'session' properties like 'expired' and 'too many users'.
> So does that mean that I can't set up Samba has a PDC and use PAM to
> authenticate the users!
> Reason I ask is I did have Samba set up as a PDC with 3 windows client
> computers, 2 with Windows 2000, one with Windows XP!
> I then deciced to try and use PAM so I went into the registry of the 3
> clients and set it to enableplaintextpasswords = 1
This won't affect domain logons from NT or above
> And I set Samba to plain text passwords and to obey pam restrictions!
> Pam now works Ie if I change the password with smbpasswd the unix
> password is changed as well!
> But the problem I'm having is!
> When a I logon to the domain, My username and Password are excepted but
> then I get a message on windows saying that it couldn't access my
> profile and will use a local profile, also it mentions that the username
> and password might not be correct! Once I have the windows desktop I
> can't access my home network drive (The one that you set Samba to), but
> if I go into the network area and access the domain there and then
> access the server it asks for my username and password and voila it
> works I can access the profiles and home shares!
If you have your passwords in smbpasswd, then just set 'encrypt
passwords = yes' and by happy.
> Here is my smb.conf file
> workgroup = DOMAIN
> netbios name = CABOTP
> server string = Samba Server %v %h
> obey pam restrictions = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> username map = /etc/samba/smbusers
> unix password sync = Yes
> log level = 1
> log file = /var/log/samba/%m.log
> max log size = 50
> time server = Yes
> printcap name = lpstat
> logon script = %U.vbs
> logon path = \\%L\Profiles\%U
> logon drive = Z:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 64
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> hosts allow = 192.168.0.0/24, 127.0.0.1
> printing = lprng
> comment = Home Directories
> valid users = %S
> admin users = root,paul
> read only = No
> create mask = 0664
> directory mask = 0775
> strict allocate = Yes
> strict locking = Yes
> comment = Network Logon Service
> path = /var/spool/samba/netlogon
> write list = root
> path = /var/spool/samba/profiles
> read only = No
> csc policy = disable
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030311/e7d5fde8/attachment.bin
More information about the samba