So there is no way to get PAM and SAMBA to work? If I have a machine that is not a member of an AD, and I do not want it to be, what is the best way to have it send authentication request to a AD Domain server for authentication?
I had hoped for PAM/Kerberos, but that seems like it will not work. On Mar 16, 2010, at 2:22 PM, Volker Lendecke wrote: > On Tue, Mar 16, 2010 at 02:14:36PM -0500, Grady Neely wrote: >> I am trying to get my Samba installation to use PAM under >> Ubuntu. I have created the /etc/pam.d/samba, but as far >> as I can tell samba is not using the directives in there. >> I have ssh and netatalk using PAM successfully against a >> Kerberos ticket issuer, so I know my PAM installation is >> working for some services. I am sure I have something >> wrong in my smb.conf as I am a bit of a newbie with samba >> when it comes to PAM. >> >> My /etc/pam.d/samba file is a clone of my netatalk PAM >> file, because my netatalk shares are working just fine. > > PAM can not be used by Samba for password checking, because > the PAM API expects to see the user's plain text password. > We never see that unless you're setting "encrypt passwords = > no" which is so higly not recommended that we should > probably disable it at some point. > > Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba