W2K Domain Login Problem with 2.2.0

Gerald Carter gcarter at valinux.com
Mon Apr 23 15:22:31 GMT 2001 

On Tue, 24 Apr 2001, Andrew Bartlett wrote:

> > %attr(-,root,root) %config(noreplace) /etc/pam.d/samba
>
> Nope, becouse the install script stomped all over /etc/pam.d/samba
> anyway.  That makes the spec file broken, but not broken in this
> respect.

That's whay I asked :-)


> Most admins proxied by most linux distributions - who will probalby
> enable pam whatever happens.  (Look at what RedHat did with --with--ssl)

Please don't mention that.  I'm still bitter about it (been wearing black
for several monthso now).

> > Here some possible scenarios...
> >
> >  o Standalone samba server - PAM works fine
> >
> >  o Samba as a member server - domain security.  We need
> >    to work this one out.  Remote users, local users, etc...
>
> Winbind is the pam module in this case, and winbind is currently the
> same as pam_permit :-)

Winbind has not been officially released yet though.  Until we release and
"RPM" we cannot count on it.  There are two issues here.  (1) the 2.2.0
release now, and (2) future development.

I would submit that these problems must be dealt with in different
but compatible ways.

> > How does a full blown SAM-like account storage system
> > fit in here?  A simple thing like disabling an account
> > in User Manager for Domains...which should take precedence?
> > Samba's passdb or PAM?  Can we assume we know which one the
> > UNIX admin wants?  What if it is an NT shop with a Samba
> > appliance?
>
> We should AND the requirements, ie check with both.  If its an NT shop
> we just make PAM pam_permit and let it go.

I'm still not sold onthis idea.  I know we talked about it.  The problem
is that for a standalone Samba file server in a NT network, the User
Manager solution is that path of least surprise.

It's workable I gree, we just need to make sure we address all the issues.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list