On Thu, Jan 09, 2003 at 10:53:32AM +0000, bryan hunt wrote:
> Forgive the subject line, I wanted it to turn up if someone
> was googling.

That being the case, I feel I should note for the benefit of googlers that pam_pwdb is long-unmaintained, so it's not necessarily a good choice for a password module; and that the below configuration is tailored for an environment where Samba is serving connections to both LDAP users and non-LDAP users, both using (apparently) plaintext passwords. In our environment, for instance, any user not in LDAP should *not* be able to authenticate to the server, since only non-user system accounts are configured in our local password file.

> I have found that the following combination works well for
> password syncing using pam when the system is configured to
> use ldap for user authentication ( pam_ldap ).

> I hope this is of use to someone.

> /etc/pam.d/samba

> #%PAM-1.0
> auth sufficient /lib/security/pam_ldap.so
> auth required /lib/security/pam_unix_auth.so use_first_pass
> account sufficient /lib/security/pam_ldap.so
> account required /lib/security/pam_unix_acct.so
> password sufficient /lib/security/pam_ldap.so
> password required /lib/security/pam_pwdb.so try_first_pass

FWIW, this last line might work better as:

password required /lib/security/pam_pwdb.so use_authtok try_first_pass

Regards,
-- 
Steve Langasek
postmodern programmer
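The following is an added example, not part of the original message: a simplified Python model of how the `sufficient` and `required` control flags combine in the quoted `auth` stack, showing why an account that exists only in the local password file can still authenticate. The `LDAP_ONLY_AUTH` stack is a constructed comparison (an assumption, not a configuration from the thread), and module results are simulated on the assumption that the correct password is supplied.

```python
# Simplified model of how libpam walks one facility's stack.
# Only the classic control flags are modelled; module results are simulated.

QUOTED_AUTH = """\
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
"""

# Constructed variant (assumption, not from the thread): LDAP is the only source.
LDAP_ONLY_AUTH = """\
#%PAM-1.0
auth required /lib/security/pam_ldap.so
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module_basename)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results maps module name -> True (success) or False (failure)."""
    required_failed = False
    any_success = False
    for control, module in stack:
        ok = results[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True          # success here ends the stack immediately
            # a failed 'sufficient' module is ignored
        elif control == "requisite":
            if not ok:
                return False         # failure here ends the stack immediately
            any_success = True
        elif control == "required":
            any_success = any_success or ok
            required_failed = required_failed or not ok
        elif control != "optional":  # 'optional' does not change the verdict here
            raise ValueError(f"unsupported control flag: {control}")
    return any_success and not required_failed

def can_authenticate(stack_text, in_ldap, in_local_files):
    """Simulate a login with the correct password for an account in the given stores."""
    results = {"pam_ldap.so": in_ldap, "pam_unix_auth.so": in_local_files}
    return evaluate(parse_stack(stack_text), results)
```
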
