Re: synchronize passwords

Wed, 15 May 2002 10:50:03 -0700 

On Wed, 15 May 2002, Philip J. Tully wrote:

> Is this using the winbind portion of Samba?  Has anyone used Winbind?

See below for answer.

>
> Tim Verhoeven wrote:
> >
> > On Mon, 13 May 2002, John Summerfield wrote:
> >
> > > > in our company our passwords are synchronized with a tool called pass-go.
> > > > My idea is to also synchronize the linux passwords with our RACF or
> > > > lan-passwords.
> > > >
> > > > Pass-Go is not available for L/390.. bad luck. Out domain controller is
> > > > OS/2, so it is unfortunately not possible to synchronize via samba.
> > >
> > > Have you actually tried? Linux can authenticate against an NT server, though I
> > > don't know how it's done.
> >
> > You can do this with PAM, there is a module called pam_smb_auth that lets
> > you authenticate against domain controllers.
> >
> > Basic setup is just adding this module to the auth section of the pam
> > config files.

It depends on how tight integration you want.

With pam_smb_auth you can only authenticate to a domain. In short use the
passwords that are stored in the domain.
The users still have to be present in the /etc/passwd file.

The winbind daemon uses nss to import the domain users and groups into the
UNIX/Linux environment. This means that all domain users appear to being
added to the /etc/passwd file. This is done by a library thats is the link
between the winbind daemon and nss.
Winbind also included a pam module that also allows you to authenticate
users that are in the domain, so this pam module is simular to
pam_auth_smb.

So the choice is :

- only passwd integration : pam_smb_auth
- user integration : winbindd + winbind nss library
- complete : winbindd + winbind nss lib + winbind pam module

I'm using the second to import users for a Samba file and print server.

Regards,
Tim

--
===========================================================================
Tim Verhoeven
                                Linux & Open Source Specialist
GSM : 0496 / 693 453                          + e-business solutions
Email : [EMAIL PROTECTED]                           + consulting
URL : www.sin.khk.be/~dj/                     + Server consolidation
===========================================================================

Reply via email to