[Samba] PAM with Samba
Grady Neely
gneely74 at gmail.com
Tue Mar 16 13:51:44 MDT 2010
So there is no way to get PAM and SAMBA to work?
If I have a machine that is not a member of an AD, and I do not want it to be, what is the best way to have it send authentication request to a AD Domain server for authentication?
I had hoped for PAM/Kerberos, but that seems like it will not work.
On Mar 16, 2010, at 2:22 PM, Volker Lendecke wrote:
> On Tue, Mar 16, 2010 at 02:14:36PM -0500, Grady Neely wrote:
>> I am trying to get my Samba installation to use PAM under
>> Ubuntu. I have created the /etc/pam.d/samba, but as far
>> as I can tell samba is not using the directives in there.
>> I have ssh and netatalk using PAM successfully against a
>> Kerberos ticket issuer, so I know my PAM installation is
>> working for some services. I am sure I have something
>> wrong in my smb.conf as I am a bit of a newbie with samba
>> when it comes to PAM.
>>
>> My /etc/pam.d/samba file is a clone of my netatalk PAM
>> file, because my netatalk shares are working just fine.
>
> PAM can not be used by Samba for password checking, because
> the PAM API expects to see the user's plain text password.
> We never see that unless you're setting "encrypt passwords =
> no" which is so higly not recommended that we should
> probably disable it at some point.
>
> Volker
More information about the samba
mailing list