Re: samba: authentication through pam?
nate wrote:
Paul Johnson said:
I'm wondering if there's a way to convince samba to use PAM
authentication. I googled for samba pam, but came up with a lot of
information on how to make PAM authenticate using samba, and I want the
opposite...
yes but its probably not a good idea. In order for samba to use
PAM, you must disable password encryption on both the server AND
all the clients. This has to do with the way pam works, it doesn't
return the actual password that PAM recieved, it just returns a
response, so samba cannot recieve the encrypted password or something.
you may have to recompile samba, I don't know if debian's samba
comes with pam support enabled.
This is from file debian/rules in samba woody sources (2.2.3a).
The --with-pam should be pam support.
[ -f source/Makefile ] || (cd source && ./configure \
--host=$(DEB_HOST_GNU_TYPE) \
--build=$(DEB_BUILD_GNU_TYPE) \
--with-fhs \
--prefix=/usr \
--sysconfdir=/etc \
--with-privatedir=/etc/samba \
--localstatedir=/var \
--with-netatalk \
--with-smbmount \
--with-pam \
--with-syslog \
--with-sambabook \
--with-utmp \
--with-readline \
--with-pam_smbpass \
--with-libsmbclient \
--with-winbind \
--with-msdf)
I highly reccomend samba+ldap instead.
Yes, I too suggest to go for LDAP support.
But in this case you WILL have to recompile samba on woody enabling LDAP
and disabling PAM.
Get the how-to from http://samba.idealx.org/index.en.html
http://samba.idealx.org/samba-ldap-howto.pdf
At the end of the how-to there are some notes on modifying samba sources
for recompiling on debian with ldap support.
I did it successfully with samba 2.2.7a, if you want I've a diff file
with the patches.
BTW thanks Nate for your LDAP how-to, I struggled for two months to
integrate pam, ldap, samba, postfix, courier and jamm and it helped me a
lot. ;)
Massimiliano
--
Massimiliano Ferrero
Midhgard s.r.l.
C/so Re Umberto 23
10128 - Torino
tel. +39-0112301400 - fax +39-0112301422
e-mail: m.ferrero@midhgard.it
sito web: http://www.midhgard.it
Reply to: