[Samba] (no subject)

Gémes Géza geza at kzsdabas.sulinet.hu
Wed Feb 18 21:34:40 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Loc Nguyen írta:
| Hi list,
|
| Could anyone explain why Samba+LDAP PDC needs to have PAM and
| NSS configured with ldap to authenticate ?
|
| I thought that SAMBA
| authenticates directly against LDAP rather asking PAM/NSS to do this,
| but this doesn't seem to be true.
|
| I configured a Samba+LDAP PDC with
| the help of idealx.org SAMBA PDC howto. I succeeded with 3.0.2a. Just
| for experimenting, I used authconfig to disable ldap in nssswitch.conf
| and system-auth, the PDC stop working. Is it true that SAMBA need to
| authenticate twice, one with SambaSamAccount, and another with
| PosixAccount?
|
|
| thanks for any ideas on this matter
Yes and no, you don't need to authenticate twice, e.g. you can disable
the coresponding UNIX account, and stil able to log in via samba, but
you need a UNIX (Posix) account. The rationelle is quite simple: As long
as Samba runs as a Unix process, in order to get the rights of the user
as you are connecting it is runing with that users userid. Without a
valid userid, aka Posix account it would not be possible.

Cheers,

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFAM9pv/PxuIn+i1pIRAlL5AJiurPb5Xix6XqGaXPpd7mMQ7VHmAJ415mPe
i2CNXBr0DM/FslXhMKbADA==
=/DhM
-----END PGP SIGNATURE-----



More information about the samba mailing list