[Samba] pamsmb_pass, userPassword & samba(LM/NT)Password

Andrew Bartlett abartlet at samba.org
Tue Nov 18 09:54:46 GMT 2003


On Tue, 2003-11-18 at 16:29, Chew, Darren wrote:
> Hi All,
> 
> Has anyone used pam_smbpass before with Samba 3 and Solaris 9?
> 
> The problem I am facing is that the sambaNTPassword/sambaLMPassword and 
> the posixAccount userPassword attributes are not the same.

One of the better options would be to make your LDAP server authenticate
against the sambaNTPassword instead.  If you server is OpenLDAP, you
could use a nasty sequence of OpenLDAP -> SASL (plain) -> PAM ->
pam_winbind -> winbind -> smbd -> LDAP to authenticate your users...

Someday, I'll test out if I can actually make this work, and document
it, but at least in theory, you should never need the userPassword if
the NT password is present, for plaintext at least.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031118/054faffa/attachment.bin


More information about the samba mailing list