On Tue, May 15, 2012 at 04:54:37PM -0500, Jon Detert wrote: > I'd like to: > > 1) use samba3 as a PDC, and > 2) not use LDAP as the account backend database, and > 3) specify samba to use but use "encrypt passwords = true", and > 4) use an ldap server as the authentication source for samba. > > Is that possible? > > I'd assumed it would be given that samba is pam-aware, and > I can tell pam to use ldap for authN. > > However, the man page for smb.conf seems to say no, as it > says that "obey pam restrictions = true" will be ignored > when "encrypt password" is set to true. > > Am I understanding this correctly? Is there a > work-around? I don't want to add the samba schema to my > existing ldap server, but I do want to use my existing > ldap server for authN.
No, this is not possible. Samba never sees the plain text password which is required for authentication via PAM. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba