Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to figure out how to get a Win98 client connecting to Samba to obey PAM restrictions (e.g. password length, use number and other chars). The PAM restrictions work fine when changing the password at the console but if I change the password from the Passwords control panel on Win98 the restrictions are completely ignored.
I've been seaching for a solution on this for two weeks now and am getting very frustrated. I've finally convinced management to replace an aging Novell install with linux but I need this part of it to work before I can go any further. I would appreciate any help you could give me on this.
Not too sure if it's possible to validate & restrict by PAM, but you may be able to do so via LDAP, though the task is anything but lightweight (IMO the LDAP is okay - it's the management of it that appears to be a bit of a command-line black art at the moment and something even more difficult to administer for larger user/domain bases).
Your first stop should be looking into the installation docs for Samba and seeing what auth modules are avialble and how to implement them.
I recently ran across an article saying something to the effect that *NIX in general needs a stronger authentication component along the lines of Active Directory. Never used AD but speaking from my Novell experiences I would lean more towards their NDS structure as a basis for a good framework.
I saw a few references to the PAM/Samba/LDAP combo during my many hours of googling. I skipped over them mainly because of the reasons you mentioned. Looked at LDAP stuff before and mostly just got confused but I might have to take another look at it.
What really confuses me about this is that there is a line in smb.conf that says "obey pam restrictions = yes". That makes me think that it is possible but I'm just missing some part of it.
From the smb.conf man page obey pam restrictions (G)
When Samba 2.2 is configured to enable PAM support (i.e. --with-pam), this parameter will control
whether or not Samba should obey PAM's account and session management directives. The default
behavior is to use PAM for clear text authentication only and to ignore any account or session man-
agement. Note that Samba always ignores PAM for authentication in the case of encrypt passwords =
yes . The reason is that PAM modules cannot support the challenge/response authentication mechanism
needed in the presence of SMB password encryption.
Default: obey pam restrictions = no
If you are it sounds like the PAM restrictions will be ignored.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
