[Samba] integrating samba with pam

Rowland Penny rpenny at samba.org
Sat Jul 1 18:27:09 UTC 2017

On Sat, 01 Jul 2017 14:19:13 -0300
Guido Lorenzutti <guido at lorenzutti.com.ar> wrote:

> We used to hide some information from our windows group, to make
> acls only in unix groups. But well.. i think we can start sharing that
> info with the domain groups.

You can do something very similar by using ACLs, create groups in AD,
add RFC2307 attributes and add your Unix users to the groups. You can
then make only members of these Unix groups be allowed access to a

> > 
> > I read that to join a squid proxy to the domain.
> But its a pain to have to install winbind on every unix I have just to
> be able to use the same credentials that the samba domain. Before
> samba4, i was able to use ldap. Samba4 has a ldap like service. There
> should be a way to use that
>  an ldapsearch, for example. And of course,
> pam_ldap. 

You need to speak to Louis van Belle about squid, he is the expert.

I don't understand your problem with winbind, if you do use nslcd, you
will have to configure smb.conf, the nslcd conf file and run k5start to
ensure that kerberos refreshes tickets. If you use winbind, you will
just have to configure smb.conf.
You have to configure smb.conf anyway, so why bother with nslcd ? Just
what does nslcd give you that winbind doesn't ?
I should also point out that nslcd isn't supported by Samba.

What do you want to authenticate to Samba ?


More information about the samba mailing list