[Samba] (no subject)

John H Terpstra jht at samba.org
Wed Feb 18 22:01:43 GMT 2004

On Wed, 18 Feb 2004, Loc Nguyen wrote:

> Hi list,
> Could anyone explain why Samba+LDAP PDC needs to have PAM and
> NSS configured with ldap to authenticate ?
> I thought that SAMBA
> authenticates directly against LDAP rather asking PAM/NSS to do this,
> but this doesn't seem to be true.
> I configured a Samba+LDAP PDC with
> the help of idealx.org SAMBA PDC howto. I succeeded with 3.0.2a. Just
> for experimenting, I used authconfig to disable ldap in nssswitch.conf
> and system-auth, the PDC stop working. Is it true that SAMBA need to
> authenticate twice, one with SambaSamAccount, and another with
> PosixAccount?

Samba relies on the OS it sits on top of to do identify resolution. NSS
(/etc/nsswitch.conf) does only Identity resolution.

On a PDC+LDAP you must have Posix accounts in LDAP and must be able to
resolve UID/GIDs via NSS (nss_ldap) for propoer operation. By default, 3.x
does not use PAM authentication for smbd operation.

- John T.

> thanks for any ideas on this matter

John H Terpstra
Email: jht at samba.org

More information about the samba mailing list