[Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed May 16 00:28:51 MDT 2012

On Tue, May 15, 2012 at 04:54:37PM -0500, Jon Detert wrote:
> I'd like to:
> 1) use samba3 as a PDC, and
> 2) not use LDAP as the account backend database, and
> 3) specify samba to use but use "encrypt passwords = true", and
> 4) use an ldap server as the authentication source for samba.
> Is that possible?
> I'd assumed it would be given that samba is pam-aware, and
> I can tell pam to use ldap for authN.
> However, the man page for smb.conf seems to say no, as it
> says that "obey pam restrictions = true" will be ignored
> when "encrypt password" is set to true.
> Am I understanding this correctly?  Is there a
> work-around?  I don't want to add the samba schema to my
> existing ldap server, but I do want to use my existing
> ldap server for authN.

No, this is not possible. Samba never sees the plain text
password which is required for authentication via PAM.


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba mailing list