Samba Authentication (was PA (fwd)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Mar 27 14:01:55 GMT 1998
<a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://www.samba.co.uk" > Samba and Network Consultancy </a>
---------- Forwarded message ----------
Date: Thu, 26 Mar 1998 08:23:52 -0500 (EST)
From: CURRIE KEVIN <x7currie at lab2.cc.wmich.edu>
To: Luke Kenneth Casson Leighton <lkcl at switchboard.net>
Subject: Samba Authentication (was PA
> i don't think i added a "security = server" mode to the NT domain login
> code. sorry.
> is anyone maintaining an on-line TODO list? would anyone _like_ to
> maintain an html TODO list? gerry? :-)
Well, let me lay out what I am trying to do so that if it can't be
done maybe it'd be something easy to add (it seems like it from an outside
standpoint, but then I'm not the one doing all the coding <g>). Maybe
someone could even point an alternative solution for me.
I am a (student) supervisor of the Engineering College's computer
lab on campus here. Basically what that means is that I pull enough
weight to affect significant changes in my labs, but when it comes to
campus wide systems, I'm a peon.
I want to find a way to authenticate users to the campus NIS+
database so that the second a user walks into the lab they have to have a
valid Unix account to even log into NT. The biggest reason we want this
is for security and logging purposes, but there would be many other
benefits to authenticating to a Samba server.
Idealily what I would like to be able to do is have some computer
somewhere off on campus (which I won't have access to) be running Samba,
maybe not even w/ NTDOM support. This computer would have full access to
the NIS+ database. I would then have another computer (probably a Linux
box) sitting in my lab runnin the NTDOM version of Samba and having
security = server pointing across campus. This would allow tight enough
security to make all the admins happy, but still give individual domains
the access they to manage what computers get into their domain and how to
It seems like it wouldn't be to hard--but what to I really know--
to authenticate users (via a password server) and computers (via the
smbpasswd file) seperately. After all, Samba has to go through a computer
check and a user check anyway, it is just that both are in the same file.
This is something that I can see as really helping Samba gain for
ground in large Unix networks. Unfortunately I have no experiance at all
in Unix programming (DOS is another story), or I'd dig around in the
source myself and see if this were even possible; however I find myself
rather confused the second a system call is made...
Add it to the wish list I guess. :)
More information about the samba-ntdom