[Samba] Samba share authentication using SSSD

John Hixson john at ixsystems.com
Mon Jun 9 17:01:48 MDT 2014

On Sun, Jun 08, 2014 at 01:57:28PM +1200, Andrew Bartlett wrote:
> On Fri, 2014-06-06 at 10:36 -0700, John Hixson wrote:
> > Hi,
> > 
> > Here is my desired configuration:
> > 
> > An external LDAP server, Samba 4.1.8 (not configured as a member server
> > or as a domain controller), and SSSD configured with the external LDAP
> > server. Authentication locally and via ssh works fine using pam_sss.so.
> > When attempting to authenticate a share on windows using an LDAP users
> > credentials, the request fails with NT_STATUS_ACCESS_DENIED. I'd like to
> > do this without configuring samba at all to use LDAP, is this possible?
> By what process do you expect Samba to obtain the NT password hash, or
> to forward the NTLM response, what what would do the NTLM calculation to
> verify it?

I don't know, this is why I am asking of this is possible ;-) I'm not
really clearly on how samba authentication fully works. I've done some
googling but didn't get very far, at least in finding the fine grained
details like this that one needs to know. 

- John

> Andrew Bartlett
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list