[Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN

[Jon Detert]

I'd like to:

1) use samba3 as a PDC, and
2) not use LDAP as the account backend database, and
3) specify samba to use but use "encrypt passwords = true", and
4) use an ldap server as the authentication source for samba.

Is that possible?

I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN.

However, the man page for smb.conf seems to say no, as it says that "obey pam restrictions = true" will be ignored when "encrypt password" is set to true.

Am I understanding this correctly?  Is there a work-around?  I don't want to add the samba schema to my existing ldap server, but I do want to use my existing ldap server for authN.

Thanks,

-- 
Jon Detert
Sr. Systems Administrator
Infinity Healthcare
Milwaukee, Wisconsin
414-290-6759