[Samba] Samba Authentication against Radius server

Adam Tauno Williams adamtaunowilliams at gmail.com
Tue Jun 12 11:08:34 GMT 2007

> I have my linux system configured to authenticate/authorize (windows XP
> and Vista) users for several services, like PPTP, SMTP and POP3, against
> a radius server (using PAM), and now I want to add support for samba
> authentication also. I was planning to do it by using one tdbsam backend
> (I can not have LDAP for several reasons, unfortunately) but I have some
> doubts:
> Is it possible to authenticate samba users directly against the radius
> server (is there a way to do it)?

You can, but you basically have to break things to do it (enabling clear
text passwords).  You'd configure PAM to authenticate against RADIUS and
configure Samba to use the traditional password database - but don't.  

Reconfigure your RADIUS server to authenticate users via Samba; not the
other way around.

> For tdbsam is there any solution to keep passwords sync with radius
> server?

There is a password sync feature in Samba.  Updating Samba from RADIUS
password changes would be another matter.  But better to reconfigure
your RADIUS server to use Samba for authentication, thus keeping one
password database.

Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

More information about the samba mailing list