thats not a good option as the password for the kerberos user must be passed in CLEARTEXT for the pam_krb5 module to work for samba auth. I don't think you can even tell XP to do that.
On Tue, 2004-04-06 at 01:23, aarumuga arumugam wrote: > Hi Everybody, > We are working on samba 3.0.2a with sun > kerberos SEAM and Netscape iDirectory Server support. > We are able to integrate samba with ldap support. we > tried integrater kerberos for authentication. We found > a solution using pam via pam_krb5 module provided by > the sun solaris 8. > > One important fact we found out using samba pam > authentication, it directly calls for an account > management function instead of an authentication > function. Please refer pam_smb_accountcheck function > () in pampass.c in source/auth . > > We have included options like obey pam instructions > and pam password change to be positive in smb.conf > and we have included information about samba service > in the pam configuration file. we have included > information about pam in the krb5.conf of kerberos. I > have also set the encrypt password to be positive in > smb.conf file. > > I am able to get a solaris machine getting > authenticated by the kerberos server.The problem is > when i try to join a Win xp computer to the samba > server . I get access denied error. when i check the > samba logs, i could find the samba sam authentication > succeded but when the pam authentication takes place , > It says authentication failed , User rejected etc., > > I could not find any information about samba server > contacting in the kerberose server logs. > SAMBA server is not contacting the KERBEROS server for > authentication. > Please any suggestions is appreciated. I could send > the configuration of samba and pam and kerberos if the > information is not sufficient. > > eccsamba > > __________________________________ > Do you Yahoo!? > Yahoo! Small Business $15K Web Design Giveaway > http://promotions.yahoo.com/design_giveaway/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
