Paul Johnson said: > I've looked around through the Samba HOWTO and /usr/share/doc/samba, but I > can't find anything that is helpful in trying to set up samba to use PAM > for authentication instead of it's own (retarded) method. > > Has anybody succeeded in using PAM for samba? If so, what helped?
be sure samba is compiled with pam support. I really would reccomend against using PAM with samba. Because if you do use PAM you MUST disable password encryption on ALL clients. Something to do with the way the password comes in with PAM. Samba doesn't get the actual password so it cannot encrypt it, it only gets a yes or a no (something like that). Disabling password encryption on the clients is usually a bad thing and is usually a pain in the ass, for win32 systems it usually involves setting a registry hack. Instead, perhaps it's good to go the LDAP route. In my experience it is by far the most robust and flexible/powerful way to deploy samba(or in my case samba-tng, though samba is similar). a quick search turns up this, though specific to mysql you can skip the mysql stuff since PAM is PAM .. http://www.isber.ucsb.edu/~randall/personal/samba_mysql_pam.html or on networks which already have a PDC it is trivial to set samba to authenticate off the PDC (password = server & password server = NAME_OF_PDC) (I think). You don't even have to have the samba server as part of the domain, and do not need any accounts on the local system(for authentication at least) it's been probably 2 years since I set it up myself.. my LDAP docs(as usual) is available: http://howto.aphroland.de/HOWTO/LDAP includes samba-tng+LDAP+PDC as well as keeping UNIX/samba passwords in synch with MD5 encrypted passwords. nate -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
