[Samba] Samba Authentication of Local Linux Users

Gordon Messmer yinyang at eburg.com
Fri Feb 24 21:56:30 GMT 2006


Michael Thrift wrote:
> I am not authenticating domain 
> users, or windows users, and I don't want to use smbpasswd.  Is there 
> some way to force samba to authenticate against pam, and only pam?  My 
> goal is to not add an administrative load whatsoever.

The last goal is not one you can achieve.

If you want to authenticate against PAM, you have to set "encrypt 
passwords = no".  Note, however, that the man page says:

   The use of plain text passwords is NOT advised as support
   for this feature is no longer maintained in Microsoft Win-
   dows products. If you want to use plain text passwords you
   must set this parameter to no.

Now, if you choose to set that option, you have to modify all of your 
clients, by importing the appropriate "PlainPassword.reg" file from the 
samba distribution.

So, basically, you have a choice between modifying how you manage and 
change passwords, so that you can support a secure login method for SMB, 
or changing the configuration of all of your windows clients 
considerably degrading security.


More information about the samba mailing list