[Samba] ldap/pam authentication

Josh Kelley joshkel at gmail.com
Mon Jul 16 02:39:36 GMT 2007

On 7/13/07, Jeroen van Aart <kroshka at atypon.com> wrote:
> Using ldapsam with an existing ldap setup is quite a pain and I'd rather
>   avoid it (I have tried but yet did not succeed). I tried using pam,
> which did work, but only for plaintext passwords. Windows by default
> doesn't allow plaintext, so this would lock nout windows users unless
> windows is changed to use plaintext.
> There are many systems which can use ldap for authentication by just
> providing a server and distinguished name (dc=...) and such. I was
> hoping samba would be able to do just that, leaving out any other fancy
> things.

Because Windows by default doesn't allow plaintext, it is _impossible_
for Samba to authenticate users using methods like PAM or generic
LDAP; it needs a plaintext password to pass to one of those
authentication mechanisms.

Modifying an LDAP setup to add ldapsam can be tricky but is very
doable, and there are several howtos available on the web and
discussed on this list.  What problems did you run into when trying to
do it?

Josh Kelley

More information about the samba mailing list