[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PAM for Samba?

Paul Johnson said:

> I've looked around through the Samba HOWTO and /usr/share/doc/samba, but I
> can't find anything that is helpful in trying to set up samba to use PAM
> for authentication instead of it's own (retarded) method.
>
> Has anybody succeeded in using PAM for samba?  If so, what helped?

be sure samba is compiled with pam support. I really would reccomend
against using PAM with samba. Because if you do use PAM you MUST
disable password encryption on ALL clients. Something to do with
the way the password comes in with PAM. Samba doesn't get the
actual password so it cannot encrypt it, it only gets a yes or a no
(something like that). Disabling password encryption on the clients
is usually a bad thing and is usually a pain in the ass, for win32
systems it usually involves setting a registry hack.

Instead, perhaps it's good to go the LDAP route. In my experience
it is by far the most robust and flexible/powerful way to deploy
samba(or in my case samba-tng, though samba is similar).

a quick search turns up this, though specific to mysql you can
skip the mysql stuff since PAM is PAM ..

http://www.isber.ucsb.edu/~randall/personal/samba_mysql_pam.html

or on networks which already have a PDC it is trivial to set
samba to authenticate off the PDC (password = server  &
password server = NAME_OF_PDC) (I think). You don't even have
to have the samba server as part of the domain, and do not
need any accounts on the local system(for authentication at least)

it's been probably 2 years since I set it up myself..

my LDAP docs(as usual) is available:
http://howto.aphroland.de/HOWTO/LDAP

includes samba-tng+LDAP+PDC as well as keeping UNIX/samba
passwords in synch with MD5 encrypted passwords.

nate
Reply to: