LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 05-13-2003, 03:05 PM   #1
DocJones
LQ Newbie
 
Registered: May 2003
Location: Minnesota
Posts: 2

Rep: Reputation: 0
Need help w/Samba & PAM Auth


I am trying to figure out how to get a Win98 client connecting to Samba to obey PAM restrictions (e.g. password length, use number and other chars). The PAM restrictions work fine when changing the password at the console but if I change the password from the Passwords control panel on Win98 the restrictions are completely ignored.

I've been seaching for a solution on this for two weeks now and am getting very frustrated. I've finally convinced management to replace an aging Novell install with linux but I need this part of it to work before I can go any further. I would appreciate any help you could give me on this.
 
Old 05-14-2003, 01:52 AM   #2
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
Not too sure if it's possible to validate & restrict by PAM, but you may be able to do so via LDAP, though the task is anything but lightweight (IMO the LDAP is okay - it's the management of it that appears to be a bit of a command-line black art at the moment and something even more difficult to administer for larger user/domain bases).

Your first stop should be looking into the installation docs for Samba and seeing what auth modules are avialble and how to implement them.

I recently ran across an article saying something to the effect that *NIX in general needs a stronger authentication component along the lines of Active Directory. Never used AD but speaking from my Novell experiences I would lean more towards their NDS structure as a basis for a good framework.
 
Old 05-14-2003, 08:22 AM   #3
DocJones
LQ Newbie
 
Registered: May 2003
Location: Minnesota
Posts: 2

Original Poster
Rep: Reputation: 0
I saw a few references to the PAM/Samba/LDAP combo during my many hours of googling. I skipped over them mainly because of the reasons you mentioned. Looked at LDAP stuff before and mostly just got confused but I might have to take another look at it.

What really confuses me about this is that there is a line in smb.conf that says "obey pam restrictions = yes". That makes me think that it is possible but I'm just missing some part of it.
 
Old 05-14-2003, 08:42 AM   #4
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
Are you using encrypted passwords?
Quote:
From the smb.conf man page
obey pam restrictions (G)
When Samba 2.2 is configured to enable PAM support (i.e. --with-pam), this parameter will control
whether or not Samba should obey PAM's account and session management directives. The default
behavior is to use PAM for clear text authentication only and to ignore any account or session man-
agement. Note that Samba always ignores PAM for authentication in the case of encrypt passwords =
yes . The reason is that PAM modules cannot support the challenge/response authentication mechanism
needed in the presence of SMB password encryption.

Default: obey pam restrictions = no
If you are it sounds like the PAM restrictions will be ignored.

cheers

Jamie...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
pam radius auth in slackware ?? Barx Slackware 1 04-30-2005 08:06 AM
pam.d/system-auth and LDAP? SheldonPlankton Linux - General 0 04-28-2005 01:11 PM
Qpopper not getting email (using PAM/Samba Winbind Auth) Josh_T_2 Linux - Networking 8 12-19-2003 12:52 PM
Slackware, Samba, Winbind & PAM; Oh My! BulletSponge Slackware 3 06-20-2003 05:01 PM
openssh/PAM auth problem crippler909 Linux From Scratch 1 06-08-2003 11:51 AM


All times are GMT -5. The time now is 11:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration