[Samba] PAM with Samba

Grady Neely gneely74 at gmail.com
Tue Mar 16 13:51:44 MDT 2010


So there is no way to get PAM and SAMBA to work?

If I have a machine that is not a member of an AD, and I do not want it to be, what is the best way to have it send authentication request to a AD Domain server for authentication?  

I had hoped for PAM/Kerberos, but that seems like it will not work.


On Mar 16, 2010, at 2:22 PM, Volker Lendecke wrote:

> On Tue, Mar 16, 2010 at 02:14:36PM -0500, Grady Neely wrote:
>> I am trying to get my Samba installation to use PAM under
>> Ubuntu.  I have created the /etc/pam.d/samba, but as far
>> as I can tell samba is not using the directives in there.
>> I have ssh and netatalk using PAM successfully against a
>> Kerberos ticket issuer, so I know my PAM installation is
>> working for some services.   I am sure I have something
>> wrong in my smb.conf as I am a bit of a newbie with samba
>> when it comes to PAM.
>> 
>> My /etc/pam.d/samba file is a clone of my netatalk PAM
>> file, because my netatalk shares are working just fine.
> 
> PAM can not be used by Samba for password checking, because
> the PAM API expects to see the user's plain text password.
> We never see that unless you're setting "encrypt passwords =
> no" which is so higly not recommended that we should
> probably disable it at some point.
> 
> Volker



More information about the samba mailing list