[Samba] Samba Authentication of Local Linux Users

Michael Thrift mthrift at western.edu
Sat Feb 25 00:11:35 GMT 2006


Actually, I figured out what I wanted.  I wasn't expressing it well, 
mainly 'cause I couldn't think straight after staring at the monitor for 
so long.  Basically, what I didn't realize earlier is how pam_smbpasswd 
worked.  After stepping away from the problem for a few hours it hit me 
with a huge "DUR!"  pam_smbpasswd does exactly what I want.  Of course I 
don't want clear text passwords, so by using pam_smbpasswd it 
automagically keeps both files up-to-date when a user changes their pass 
through passwd (I recognize that I'm preaching to the choir).  Thanks 
for taking the time to read my post!

Mike.

Gordon Messmer wrote:
> Michael Thrift wrote:
>> I am not authenticating domain users, or Windows users, and I don't 
>> want to use smbpasswd.  Is there some way to force Samba to 
>> authenticate against pam, and only pam?  My goal is to not add an 
>> administrative load whatsoever.
>
> The last goal is not one you can achieve.
>
> If you want to authenticate against PAM, you have to set "encrypt 
> passwords = no".  Note, however, that the man page says:
>
>   The use of plain text passwords is NOT advised as support
>   for this feature is no longer maintained in Microsoft Win-
>   dows products. If you want to use plain text passwords you
>   must set this parameter to no.
>
> Now, if you choose to set that option, you have to modify all of your 
> clients, by importing the appropriate "PlainPassword.reg" file from 
> the Samba distribution.
>
> So, basically, you have a choice between modifying how you manage and 
> change passwords, so that you can support a secure login method for 
> SMB, or changing the configuration of all of your Windows clients, 
> considerably degrading security.
>
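
The two setups discussed in this thread, as an added example that is not part of the original messages: a small audit that flags `encrypt passwords = no` in smb.conf and checks that pam_smbpasswd sits in the PAM password stack so smbpasswd follows `passwd`. The sample file contents and function names are constructed for illustration.

```python
import re

# Constructed sample files (not from the thread).
SMB_CONF_WEAK = "[global]\n   security = user\n   encrypt passwords = no\n"
SMB_CONF_OK = "[global]\n   security = user\n   Encrypt Passwords = Yes\n"
PAM_PASSWD = """\
#%PAM-1.0
password   requisite   pam_unix.so shadow
password   required    pam_smbpasswd.so nullok use_authtok try_first_pass
"""
BOOL = {"yes": True, "true": True, "1": True,
        "no": False, "false": False, "0": False}

def encrypt_passwords(smb_conf):
    """Return [global] 'encrypt passwords' as a bool, or None if unset."""
    section, value = None, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # smb.conf comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # Parameter names ignore case and internal whitespace.
            if re.sub(r"\s+", "", key).lower() == "encryptpasswords":
                value = BOOL.get(val.strip().lower())
    return value

def pam_password_modules(pam_conf):
    """Return module file names in the 'password' stack, in order."""
    mods = []
    for raw in pam_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"-?password\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m:
            mods.append(m.group(2).rsplit("/", 1)[-1])
    return mods

def audit(smb_conf, pam_conf):
    """List findings for the plaintext and out-of-sync password cases."""
    findings = []
    if encrypt_passwords(smb_conf) is False:
        findings.append("smb.conf: encrypt passwords = no (plaintext SMB logins)")
    if "pam_smbpasswd.so" not in pam_password_modules(pam_conf):
        findings.append("pam: pam_smbpasswd.so not in password stack")
    return findings

if __name__ == "__main__":
    print(audit(SMB_CONF_WEAK, "password required pam_unix.so\n"))
    print(audit(SMB_CONF_OK, PAM_PASSWD))
```
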

