[Samba] samba ldap and pam without -with-ldapsam option

jtournier at idealx.com
Mon May 12 15:46:18 GMT 2003


Hello,
I have two questions about pam and ldap:
I want to set up a samba-ldap PDC. I first installed a samba compiled with
the --with-ldapsam option. I set up a directory with users and samba
attributes:
everything works fine.
Now, I want to set up an equivalent architecture, but with the pam support.
In the man pages, I can read that I need
> obey pam restrictions = Yes
which implies the directive
> encrypt passwords = No

I also have
> security = user
> unix password sync = Yes
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes

and my /etc/pam.d/samba contains
> #%PAM-1.0
> auth       sufficient   /lib/security/pam_ldap.so
> auth       required     /lib/security/pam_unix_auth.so try_first_pass
> account    sufficient   /lib/security/pam_ldap.so
> account    required     /lib/security/pam_unix_acct.so

But I can't mount any volume, and I can't join a Windows client to the domain:
I always get the error message "session setup failed:
NT_STATUS_ACCESS_DENIED".

So, are my configuration lines correct? Why do I find, in lots of example
configuration files, the two lines
"obey pam restrictions = Yes" and "encrypt passwords = Yes"?

Can the pam support retrieve the values of the attributes defined in the
directory (logon script, logon path ...), or can samba and pam just act as the
authentication service? If it can't, is --with-ldapsam the only solution
to solve my problems?
Thanks a lot
--
Jérôme




