I am trying to figure out how to get a Win98 client connecting to Samba to obey PAM restrictions (e.g. password length, use number and other chars). The PAM restrictions work fine when changing the password at the console but if I change the password from the Passwords control panel on Win98 the restrictions are completely ignored.

I've been seaching for a solution on this for two weeks now and am getting very frustrated. I've finally convinced management to replace an aging Novell install with linux but I need this part of it to work before I can go any further. I would appreciate any help you could give me on this.

Not too sure if it's possible to validate & restrict by PAM, but you may be able to do so via LDAP, though the task is anything but lightweight (IMO the LDAP is okay - it's the management of it that appears to be a bit of a command-line black art at the moment and something even more difficult to administer for larger user/domain bases).

Your first stop should be looking into the installation docs for Samba and seeing what auth modules are avialble and how to implement them.

I recently ran across an article saying something to the effect that *NIX in general needs a stronger authentication component along the lines of Active Directory. Never used AD but speaking from my Novell experiences I would lean more towards their NDS structure as a basis for a good framework.

I saw a few references to the PAM/Samba/LDAP combo during my many hours of googling. I skipped over them mainly because of the reasons you mentioned. Looked at LDAP stuff before and mostly just got confused but I might have to take another look at it.

What really confuses me about this is that there is a line in smb.conf that says "obey pam restrictions = yes". That makes me think that it is possible but I'm just missing some part of it.

Are you using encrypted passwords?If you are it sounds like the PAM restrictions will be ignored.

cheers

Jamie...