I'm trying to get a server set up that provides some file shares to Windows clients, and I'd like it to integrate with an existing authentication framework my school already has set up. There's a Windows LDAP server that holds info about all the students here - I'd like Samba to authenticate against that server and grant access to shares as appropriate.
I've looked around for guides, but all I've been able to find is documentation for setting up my own LDAP server for Samba to use. My situation is somewhat restricted: I don't have administrator rights on the LDAP server, and I need to use that server because I'd very much like to provide a unified login for my users (i.e. not have to have everyone maintain a separate account on this server).
I've managed to get LDAP, Kerberos, PAM, and NSS set up so that users can log in via SSH with their LDAP usernames, but I can't figure out how to get Samba to do the same. I've heard that it's bad to have Samba use PAM, as that requires disabling password encryption. Is there a way to, without admin privileges on any remote machine, set up Samba to authenticate users against a separate LDAP (or Kerberos) server? (This also means it's mostly out of the question to join the server to the Active Directory domain.)