[Samba] samba, pam, kerberos

Martynas Buozis martynas at ti.com
Wed Oct 22 15:36:24 GMT 2003


I want use stand alone samba server 3.0.0 on Solaris 8 box. We have users configure locally, but authentication is done via Kerberos server. I expected to deal with samba installation quite easy, but got stuck. As I understood from documentation - there are two ways how to do that :

1. Install pam authentication. Well this works fine from samba side. Alias - it requires password encryption turned off. This is not acceptable for me as I have no possibilities to change ALL windows machines to support plain passwords. Also use pam_smbpass.so synchronization or  migration functions  is also not an option - Kerberos passwords are changed over the web interface on very very specific location. So passwd synchronization is not an option. User's do not login to machine with ftp, ssh or telnet - they us only samba shares from that server. So password migration is also not possible as it will be hard to organize all users to log in at least once with (for example) FTP to samba machine when Kerberos password will be changed using above mentioned passwd change procedure.

2. I tried to compile samba with krb5 support. It requires active directory and ldap. Well. All users are configured in NIS, not in ADS, so this option looks also not for me ...

So how can I stuck three required options : password encryption true in samba configuration file, usernames in NIS and password authentication over Kerberos ?

I will highly appreciate all ideas about this. I am beating my head looking for various ways whole day without success. Thank you in advance !

With best regards

More information about the samba mailing list