On Fri, 2003-01-10 at 08:41, Christopher R. Hertel wrote: > Abartlet, et. al., > > I've been asked to check on something. I haven't been working with this > aspect of the authentication code in Samba so I need a little guidance. > > Question: How hard is it, if we're *not* using PAM, to build a custom > authentication back-end for Samba?
Not too hard, for Samba 3.0 > The reason that we (the University, where I work) are not using PAM is > that there are a lot of servers out there on all sorts of platforms. > Some use PAM, some don't. A general solution would need to work without. > The authentication database is a big central system. It can do RADIUS and > LDAP and a few other schemes, but RADIUS is preferred. It already stores > NTLMv1 hashes. > > To give you an idea of scale (and why this is an interesting project), the > central database has on the order of 130,000 user entries. We're a big > shop, in some ways, a lot of little shops in others. > > Anyway, the goal is to let Windows users connect to Samba servers, > authenticating against the central database. I think it should be easy to > do, if we have the hooks to do it. I think I remember someone saying we > have such hooks. As you know, my head has been burried in my book so I'm > a little lost with regard to such things. You really should just use the 'normal' pdb_ldap stuff, unless you have a *really* good reason not to. Because there is much more involved than just getting the auth - we need the user in the SAM anyway. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part