hi all, i am mounting a box with samba (PDC) with LDAP as the authentication database. There are a lot of howtos available in Internet about this topic but I have a question.
To implement mapping within Unix IDs and Windows Domain Identifiers is needed to use PAM (pam_ldap.so) and nsswitch (nss_ldap). My problem is that I don't see the need for pam_ldap.so module. I understand the necesary use of nssitch to indicate to the OS the location of users, passwords, ... databases. But why is needed that the OS can authenticate the users defined in the LDAP database ?? I understand that the users are authenticated by samba and the OS only need to map UIDs. Futhermore, I want that the users defined in LDAP database have _only_ access to Samba (no to ssh, tty, ...). But these howtos recomend to edit the next files: * /etc/pam.d/common-auth * /etc/pam.d/common-account * /etc/pam.d/common-password * /etc/pam.d/common-session And, this files are included by others files /etc/pam.d/login, /etc/pam.d/chsh, /etc/pam.d/chfn, /etc/pam.d/cron, /etc/pam.d/login, /etc/pam.d/su, /etc/pam.d/ssh, .... In resumen. I don't understand in this case the need for pam_ldap.so in the system pam files and I would like to known what files /etc/pam.d/* edit in order to limit the LDAP users exclusively to Samba. Thanks, -- Christian Pinedo Zamalloa -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
