[Samba] 回复: Configure samba with pam authorization
Rowland Penny
rpenny at samba.org
Wed Feb 11 09:59:02 UTC 2026
On Wed, 11 Feb 2026 17:50:29 +0800
"adrian.liu at vstecs.com" <adrian.liu at vstecs.com> wrote:
> Hi Christian/Rowland,
>
> I've noticed idmap_nss before, and there's no problem to create all
> the users on the Samba side (using smbpasswd -a username or pdbedit
> -a -u username, I supposed).
>
> However, the problem's that -- if using smbpasswd/pdbedit to create
> users, it required to input password. The user passwords were
> classfied for lagecy system and they were encryped in openldap server
> with userPassword attribute. We were not allowed to know them. They
> only thing we could do was to set all user's password to blank in
> Samba side.
>
> The customer didn't want us to create a new password for each samba
> users, they just wanted all the users login samba shared folder with
> lagency system password.
>
> Thus, when end users open a samba shares folder in Windows Explorer,
> they input the lagency system's password, and samba pass the
> username/password to openldap for authentication, and openldap might
> say "yes, it pass the userpassword check, you can continue", and then
> samba accept ldap's decision and allow the user to access.
>
>
I think you are never going to get this to work, Samba needs a
password, unless you use guest access and then you do not require users
at all.
Rowland
More information about the samba
mailing list