[Samba] samba, pam, kerberos

[Martynas Buozis]

Please excuse me for disturbing again. I just want ask also inform me if it
is not possible to configure samba in the way I am looking for. Thank you
very much for your help

Martynas

----- Original Message ----- 
From: "Martynas Buozis" <martynas at ti.com>
To: <samba at lists.samba.org>
Sent: Wednesday, October 22, 2003 5:36 PM
Subject: [Samba] samba, pam, kerberos


> Hello
>
>
> I want use stand alone samba server 3.0.0 on Solaris 8 box. We have users
configure locally, but authentication is done via Kerberos server. I
expected to deal with samba installation quite easy, but got stuck. As I
understood from documentation - there are two ways how to do that :
>
> 1. Install pam authentication. Well this works fine from samba side.
Alias - it requires password encryption turned off. This is not acceptable
for me as I have no possibilities to change ALL windows machines to support
plain passwords. Also use pam_smbpass.so synchronization or  migration
functions  is also not an option - Kerberos passwords are changed over the
web interface on very very specific location. So passwd synchronization is
not an option. User's do not login to machine with ftp, ssh or telnet - they
us only samba shares from that server. So password migration is also not
possible as it will be hard to organize all users to log in at least once
with (for example) FTP to samba machine when Kerberos password will be
changed using above mentioned passwd change procedure.
>
> 2. I tried to compile samba with krb5 support. It requires active
directory and ldap. Well. All users are configured in NIS, not in ADS, so
this option looks also not for me ...
>
> So how can I stuck three required options : password encryption true in
samba configuration file, usernames in NIS and password authentication over
Kerberos ?
>
> I will highly appreciate all ideas about this. I am beating my head
looking for various ways whole day without success. Thank you in advance !
>
> With best regards
> Martynas