[Samba] Differences between Samba-related PAM modules

Martin Orr samba at martinorr.name
Fri Jan 7 14:29:48 GMT 2005

Several different PAM modules relating to Samba exist.  The ones I could
find were as follows:

Authenticates against an NT domain controller, without joining the domain.
(Doesn't work with Active Directory.)

Based on the above, authenticates against an NT domain.  Requires the client
to be added to the domain using Server Manager.  No longer maintained,
superseded by winbind.

part of the official Samba distribution
Authenticates against the local smbpasswd database (and not a domain at all).

part of the official Samba distribution
Authenticates against an NT or Active Directory domain.  The client must
join the domain using the Samba "net join" command (or by adding them using
Server Manager).  Also includes an NSS library to provide account

Is the above a reasonable description of the different modules?

I have a set of Linux workstations I would like to authenticate against an
NT4 domain to which I do not have admin access, so so far as I can see
pam_smb is the only option.  Alternatively, does anyone know if it is
possible to create an NT account whose only ability is to create machine
accounts, which I could probably convince the NT domain admin to do for me?

Martin Orr
Linux Administrator,
Methodist College Belfast

More information about the samba mailing list