[Samba] PAM with Samba
Hi,

I am trying to get my Samba installation to use PAM under Ubuntu. I have created the /etc/pam.d/samba, but as far as I can tell samba is not using the directives in there. I have ssh and netatalk using PAM successfully against a Kerberos ticket issuer, so I know my PAM installation is working for some services.

I am sure I have something wrong in my smb.conf as I am a bit of a newbie with samba when it comes to PAM. My /etc/pam.d/samba file is a clone of my netatalk PAM file, because my netatalk shares are working just fine.

Here is my [global] section from smb.conf:

[global]
    log file = /var/log/samba/log.%m
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    obey pam restrictions = yes
    map to guest = bad user
    # encrypt passwords = true
    passwd program = /usr/bin/passwd %u
    passdb backend = tdbsam
    dns proxy = no
    server string = %h server
    winbind enum users = yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nested groups = Yes
    winbind separator = +
    idmap uid = 2000-2
    idmap gid = 2000-2
    unix password sync = yes
    workgroup = [redacted]
    os level = 20
    syslog = 3
    realm = [redacted]
    security = ads
    panic action = /usr/share/samba/panic-action %d
    usershare allow guests = yes
    max log size = 1000
    pam password change = yes
    preferred master = no

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PAM with Samba
So there is no way to get PAM and SAMBA to work? If I have a machine that is not a member of an AD, and I do not want it to be, what is the best way to have it send authentication requests to an AD Domain server for authentication? I had hoped for PAM/Kerberos, but that seems like it will not work.

On Mar 16, 2010, at 2:22 PM, Volker Lendecke wrote:

> On Tue, Mar 16, 2010 at 02:14:36PM -0500, Grady Neely wrote:
>> I am trying to get my Samba installation to use PAM under Ubuntu. I have created the /etc/pam.d/samba, but as far as I can tell samba is not using the directives in there. I have ssh and netatalk using PAM successfully against a Kerberos ticket issuer, so I know my PAM installation is working for some services.
>>
>> I am sure I have something wrong in my smb.conf as I am a bit of a newbie with samba when it comes to PAM. My /etc/pam.d/samba file is a clone of my netatalk PAM file, because my netatalk shares are working just fine.
>
> PAM can not be used by Samba for password checking, because the PAM API expects to see the user's plain text password. We never see that unless you're setting encrypt passwords = no which is so highly not recommended that we should probably disable it at some point.
>
> Volker
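Added example, not part of the thread and not Samba code: a minimal challenge/response login, with HMAC-SHA256 standing in for the real SMB password encryption, showing that none of the values the server ends up holding can be handed to an API that expects the plain text password. The account, the scheme and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample account; the scheme is a stand-in, not NTLM or Kerberos.
USER, PASSWORD = "alice", "correct horse battery"

def stored_hash(password: str) -> bytes:
    """What a challenge/response server keeps on disk instead of the password."""
    return hashlib.sha256(password.encode()).digest()

def client_response(password: str, challenge: bytes) -> bytes:
    """Client proves it knows the password; the password itself is never sent."""
    return hmac.new(stored_hash(password), challenge, hashlib.sha256).digest()

def server_verify(db_hash: bytes, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the response from its stored hash and compares."""
    expected = hmac.new(db_hash, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def plaintext_backend(user: str, password: bytes) -> bool:
    """Stand-in for a PAM auth module: it has to be handed the password itself."""
    return user == USER and hmac.compare_digest(password, PASSWORD.encode())

def run_exchange() -> dict:
    db_hash = stored_hash(PASSWORD)                  # server side, set at enrolment
    challenge = os.urandom(8)                        # server -> client
    response = client_response(PASSWORD, challenge)  # client -> server
    # Everything the server holds once the exchange is over:
    server_view = {"challenge": challenge, "response": response,
                   "stored_hash": db_hash}
    return {
        "challenge_response_ok": server_verify(db_hash, challenge, response),
        # None of the server-side values works as input to the plaintext API.
        "backend_accepts": {name: plaintext_backend(USER, value)
                            for name, value in server_view.items()},
        # Only a cleartext login would give the server this value to pass on.
        "backend_accepts_cleartext": plaintext_backend(USER, PASSWORD.encode()),
    }

if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(key, value)
```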