On Wed, Dec 10, 2003 at 10:33:34PM +0100, Roger Grosswiler wrote: > i tried now again, but just entered now in the system-auth the > following: > auth sufficient /lib/security/$ISA/pam_smb_auth.so > use_first_pass nolocal The pam_smb_auth module is entirely different from winbind -- its configuration file is /etc/pam_smb.conf. Its readme file states that you should place the domain name on the first line of the file, the name of the PDC on the second line, and the names of another PDC on the third line. The pam_smb_auth module can only perform authentication. It can not provide needed information about users (UIDs, GIDs, etc.) to programs -- you'll need something which does this. Winbind happens to provide modules which can communicate with winbind to accomplish both of these. The upside of pam_smb_auth is that you can point it at just about any SMB server (probably even a Windows for Workgroups server), and it'll work, but winbind needs something at least as capable as a PDC. Different tools with different capabilities for different-but-similar problems. Because pam_smb_auth can't provide user information, you need to set up *something* which will. If not winbind, then NIS, or LDAP, or hesiod. Each of these requires its own server to be set up, because they use different protocols which your PDC likely isn't set up to serve. HTH, Nalin
