PAM-NTDOM: Compile Errors
Elrond
elrond at samba.org
Sat Jul 8 14:52:27 GMT 2000
On Sat, Jul 08, 2000 at 11:48:12PM +1000, Paul J Collins wrote:
> >>>>> "Gerald" == Gerald Carter <gcarter at valinux.com> writes:
>
> Gerald> On Sat, 8 Jul 2000, Elrond wrote:
> >> I somehow remember, for pam_ntdom to work, you must run
> >> netlogond localy or somesuch... Take a look at
> >> pam_ntdom/README
>
> Gerald> I'm sorry, but that is just bad. Was that Luke's idea?
> Gerald> That makes pam_ntdom unusable. :-( A PAM module should not
> Gerald> require you to turn your machine into a server.
>
> You're not turning your machine into a server. All NT boxes
> (Workstations and Servers) run NETLOGON.EXE as a service that
> WINLOGON.EXE (in conjunction with MSGINA.DLL) communicates with when
> you log on to a domain.
>
> Complaining about having to run netlogond to log on to an NT domain is
> like complaining about having to run ypbind to log on to an NIS
> domain.
>
> In addition, netlogond is around 119K in size on my box. Do you
> really want a pam module of that size being loaded for every login?
>
> Paul.
Thanks for the explanations,
I've just started to read around in pam_ntdom. And it looks
like one needs to run netlogond and lsarpcd, because
netlogond is used to forward (or answer) the request, and
lsarpcd stores the secrets for the secure-channsl to the
remote domains.
And for winbindd/pam from a realy quick glance, it looks
like one needs lsarpcd at least.
Elrond
More information about the samba-ntdom
mailing list