[Samba] Winbind/PAM Question
Robert Balbir-Brott
robertbb at gmail.com
Wed Aug 18 08:08:12 GMT 2004
Hi All,
>From the Official Samba-3 HOWTO, section 24.1:
"Winbind - The pam_winbind.so module allows Samba to obtain
authentication from any MS Windows Domain Controller. It can just as
easily be used to authenticate users for access to any PAM-enabled
application."
I understand the second part to this sentence. That is, Samba
provides 'pam_winbind.so' which allows, through PAM, users for
PAM-aware applications to be authenticated via WinBind to a Windows
NT/200x box. What I don't quite grasp is why the module "allows Samba
to obtain authentication information from any MS Windows Domain
Controller". I searched the mailing list, and found a thread in which
John Terpstra had said that "smbd can use winbind directly"
(http://lists.samba.org/archive/samba/2003-May/066636.html)
So, if smbd can indeed use winbind directly, why would the PAM
interface to winbind be needed when simply allowing Samba to obtain
authentication information from a Windows box?
I find this confusing because, in section 20.5 of the Official HOWTO, it reads:
"To allow domain users the ability to access Samba shares and files,
as well as potentially other services provided by your Samba machine,
PAM must be set up properly on your machine."
So which is true?.. (or am I missing something vital?)
Regards,
Robert Balbir-Brott
More information about the samba
mailing list