[Samba] pam_smb_auth help

Andrew Bartlett abartlet at samba.org
Sat Oct 11 00:11:49 GMT 2003

On Sat, 2003-10-11 at 05:36, Kevin Druet wrote:
> Hello.
> I have been trying to get Red Hat 9 workstations to authenticate via an
> NT 4 PDC.
> here is my /etc/pam.d/login file,
>     auth      required   /lib/security/pam_smb_auth.so nolocal

> Im able to login to the RH9 workstation with my NT domain credentials.
> the problem I have is that I still  need at the very least, an an entry
> in /etc/passwd in order to login with my NT domain credentials....
> is there no way to authenticate without having a local /etc/passwd entry
> ?
> I thought that was what the nolocal argument would accomplish.

The problem is the use of pam_smb.  If you used winbindd, (and
pam_winbind etc) then it should 'just work'.  Winbind provides all the
/etc/passwd entries via nsswtich, and securely authenticates the user
against the domain controller.

You may wish to look into the 'winbind use default domain' parameter in
Samba 3.0, to match the 'no domain prefix' behaviour of pam_smb.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031011/80051a77/attachment.bin

More information about the samba mailing list