And now, a brief geek rant

Posted: November 17, 2005 in Uncategorized

Let’s break this down, shall we?

1) Nearly every modern *NIX distro uses PAM for authentication.
2) Damn near every *NIX distro comes with Samba, which is a de facto standard in mixed environments.

And yet, it seems well nigh impossible to get Samba to use PAM for authentication. Why, WHY would I want to keep a completely seperate user database JUST for Samba? WHY? Why is this even an option, let alone the default? I can appreciate the difference in password hashes, given MS SMB works with MD4, but honestly, why is smbpasswd even in existance anymore?

Advertisements
Comments
  1. chloralone says:

    What are you trying to do, specifically? I may be able to help as I’ve experimented with Samba/Kerberos/Winbind/PAM on a large network (>12000 users).

    • Reuben says:

      I’m actually not even getting that complex yet (though LDAP/Kerberos are future considerations). Right now I just have basic standalone RedHat ENT 4 systems running Samba 3, with the intent of configuring Samba to authenticate Windows clients to passwd/shadow via PAM rather than smbpasswd.
      So far the closest I’ve gotten is verifying the pam.d/samba config is configured same as pam.d/login, smb.conf is configured for unencrypted passwords and pointing to our WINS server, but I’m getting “The account is not authorized to log in from this station”, which Google is telling me is a host resolution issue. I’m stumped, and piecing together small useful scraps from man, Google, and O’reilly is driving me batshit. Even just a simple, reliable “it’s not possible” would suffice at this point.

  2. Anonymous says:

    I’m actually not even getting that complex yet (though LDAP/Kerberos are future considerations). Right now I just have basic standalone RedHat ENT 4 systems running Samba 3, with the intent of configuring Samba to authenticate Windows clients to passwd/shadow via PAM rather than smbpasswd.

    So far the closest I’ve gotten is verifying the pam.d/samba config is configured same as pam.d/login, smb.conf is configured for unencrypted passwords and pointing to our WINS server, but I’m getting “The account is not authorized to log in from this station”, which Google is telling me is a host resolution issue. I’m stumped, and piecing together small useful scraps from man, Google, and O’reilly is driving me batshit. Even just a simple, reliable “it’s not possible” would suffice at this point.

  3. annaanna says:

    so .. my little blinky thingy isn’t working.. and my monitor is fuzzy
    :o)

  4. Anonymous says:

    so .. my little blinky thingy isn’t working.. and my monitor is fuzzy
    :o)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s