[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[thelema@mh246001.truman.edu: Re: [sauer@cloudmaster.com: PAM/samba]]

Danny,

My friend at school has done a lot with Samba and authentication (we were emulating an NT PDC).  Here's his answer to your question.
-- 
Benjamin Story
-------------------------------------------------------------------------------
Windows 95: n. a 32 bit patch to a 16 bit hack to an 8 bit operating system,
        originally coded for a 4 bit microprocessor, by a 2 bit company
        that can't stand 1 bit of competition.
Windows 98: n. see Windows 95
Windows ME: n. see Windows 95
Windows 2000: n. an attempt by a 2 bit company to put forth a stable version
                 of a 32 bit patch to a 16 bit hack to an 8 bit operating
                 system, originally coded for a 4 bit microporcessor.
-------------------------------------------------------------------------------

On Mon, 21 May 2001, Benjamin Story wrote:

> Maybe you can help him?
> -- 
> Benjamin Story
<SNIP SIG>
> From: Danny Sauer <sauer@cloudmaster.com>
> Subject: PAM/samba
> To: luci-discuss@luci.org
> Delivered-To: bstory@localhost.dnsalias.org
> Date: Mon, 21 May 2001 10:42:22 -0500
> X-Mailer: Mutt 1.0.1i
> Organization: Linux Users of Central Illinois
> Reply-To: luci-discuss@luci.org
> 
> For some reason, I'm having a hard time finding info on getting samba to
> authenticate using PAM.  I could swear that I've done it before, but can't
> remember how or when or anything.  Anyone know offhand?  I'm just piping
> /etc/passwd through mksmbpasswd.sh for the time being, but that sucks...
> 
> Anywho, thanks.
> --Danny
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.

From what I can tell, a normal compile of samba will use pam to
authenticate if you have:
security=USER
encrypt passwords=NO
in the configuration file.  Most probably you have to make sure it was
compiled with PAM support, but if you compiled it yourself on a linux
box, it almost certainly detected that.
The two above commands tell it to use normal unix authentication, which
for newer linux boxes will go through PAM.  If you need help setting up
PAM to do the authentication an interesting way, there's some decent
manuals online, but it doesn't sound like you want anything fancy.
Also, you should be aware that turning off the "encrypt passwords" isn't
even 50% security kosher.  Encrypted passwords are good.  It's just too
bad that they're such a pain in the butt to work with, being
incompatible with regular unix passwords...  (Although I guess using
PAM, you could make login and ssh use the samba-hashed passwords, but
the normal unix passwords are much more resistant to brute force
attacks.  oh well, can't win them all.)

Hope that helps,
Eric
-- 
E-mail: thelema314@bigfoot.com        If you love something, set it free.
GPG 1536g/B9C5D1F7 fpr:075A A3F7 F70B 1397 345D  A67E 70AA 820B A806 F95D

PGP signature


-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.