[Samba] ldap/pam authentication
Josh Kelley
joshkel at gmail.com
Mon Jul 16 02:39:36 GMT 2007
On 7/13/07, Jeroen van Aart <kroshka at atypon.com> wrote:
> Using ldapsam with an existing ldap setup is quite a pain and I'd rather
> avoid it (I have tried but yet did not succeed). I tried using pam,
> which did work, but only for plaintext passwords. Windows by default
> doesn't allow plaintext, so this would lock nout windows users unless
> windows is changed to use plaintext.
>
> There are many systems which can use ldap for authentication by just
> providing a server and distinguished name (dc=...) and such. I was
> hoping samba would be able to do just that, leaving out any other fancy
> things.
Because Windows by default doesn't allow plaintext, it is _impossible_
for Samba to authenticate users using methods like PAM or generic
LDAP; it needs a plaintext password to pass to one of those
authentication mechanisms.
Modifying an LDAP setup to add ldapsam can be tricky but is very
doable, and there are several howtos available on the web and
discussed on this list. What problems did you run into when trying to
do it?
Josh Kelley
More information about the samba
mailing list