[Samba] samba + openldap + kerberos + pam

Andrew Bartlett abartlet at samba.org
Sat Aug 26 11:26:07 GMT 2006

On Wed, 2006-08-23 at 11:30 -0400, Karen R McArthur wrote:
> RedHat enterprise v4
> openldap 2.2.13-4
> cyrus-sasl 2.1.19-5.EL4
> samba 3.0.10-1.4E.9
> krb-libs 1.3.4-27
> server1: openldap and kerberos server
> server2: samba server
> We have openldap working as posix source for all of our *nix logins - 
> with passwords stored in kerberos accessed via sasl.
> We have an exiting samba server running on redhat for macintosh/windows 
> user access to network storage.  Our passwords are stored in smbpasswd.  
> Access works fine in this configuration.
> We would like to centralize this authentication and have samba read it's 
> passwords from ldap/kerberos.

> I assume the errors are because I do not have sambaLMPassword or 
> sambaNTPassword stored in my ldap database.  I do not want to do this.  
> How do I set up samba to read all access from pam (as in the smbclient) 
> and not require storage of passwords in ldap?

The only way not to duplicate the password info is to have the KDC use
the Samba passwords.  It is *not possible* to use encrypted passwords
(which these clients expect) and PAM.

Heimdal can read the Samba password database, and I have operated a site
on this basis.

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060826/8f190604/attachment.bin

More information about the samba mailing list