2011/1/14 Kevin Taylor <[email protected]>:
> Unfortunately, that doesn't work. Since we're using an LDAP backend, we had
> to turn on 'encrypt passwords=yes' which bypasses the pam checking.

Have you actually tried it? If you set "obey pam restrictions = yes", Samba
obeys PAM's restrictions. For example, try:

-----
[global]
  # encrypt passwords = yes  -- default value, so no need to set it explicitly
  obey pam restrictions = yes

[homes]
  writeable = yes
  browseable = no
-----

Usually, a user can access the homes share with a valid password, but if you
set pam_deny.so correctly in system-auth, common-account or such a file, then
anyone can log on and you can see the error messages:

-----
[2011/01/14 03:24:00, 0] auth/pampass.c:smb_pam_accountcheck(792)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User monyo!
-----

---
TAKAHASHI Motonobu <[email protected]>
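
Added example, not part of the original message or of Samba itself: a small Python parser that pulls the PAM account-check rejections shown above out of an smbd log, so the effect of "obey pam restrictions = yes" can be confirmed per user. The sample log is constructed (only its first entry is the one quoted in the message), and the function names are assumptions.

```python
import re
from collections import Counter

# smbd writes each entry as a header line "[timestamp, level] file:function(line)"
# followed by one or more indented message lines.
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(?P<level>\d+)\]"
)
REJECT = re.compile(
    r"smb_pam_accountcheck: PAM: Account Validation Failed - "
    r"Rejecting User (?P<user>\S+?)!?$"
)

# Constructed sample: the first entry is the one quoted in the message,
# the remaining entries are made up for this example.
SAMPLE_LOG = """\
[2011/01/14 03:24:00, 0] auth/pampass.c:smb_pam_accountcheck(792)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User monyo!
[2011/01/14 03:24:05, 1] smbd/service.c:make_connection_snum(1003)
  client1 (192.0.2.10) connect to service alice initially as user alice
[2011/01/14 03:25:10, 0] auth/pampass.c:smb_pam_accountcheck(792)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User monyo!
[2011/01/14 03:26:30, 0] auth/pampass.c:smb_pam_accountcheck(792)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User bob!
"""

def pam_rejections(log_text):
    """Return a list of (timestamp, user) for each PAM account-check rejection."""
    events, current_ts = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            # Remember the timestamp; the message follows on the next line(s).
            current_ts = header.group("ts")
            continue
        hit = REJECT.search(line.strip())
        if hit and current_ts is not None:
            events.append((current_ts, hit.group("user")))
    return events

def rejections_per_user(log_text):
    """Count PAM account-check rejections per user name."""
    return Counter(user for _, user in pam_rejections(log_text))

if __name__ == "__main__":
    for ts, user in pam_rejections(SAMPLE_LOG):
        print(ts, user)
    print(dict(rejections_per_user(SAMPLE_LOG)))
```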
