Using Samba as a proxy authentication service?

Brian Keats bkeats at spiff.chin.gc.ca
Mon Dec 4 14:13:43 GMT 2000


Are there any examples out there of using either pam_ntdom or winbindd to
authenticate users for 'squid' proxy servers? If so, I would be curious to see
how this is done as well.



On Mon, 04 Dec 2000, Mike Brodbelt wrote:
> I'd like to be able to use Samba (or samba services, at any rate) to
> allow me to authenticate users against NT Domain accounts from external
> programs. I know that PAM modules and suchlike exist for general logon
> authentication, but my situation is slightly different, and I'm not sure
> of the best way to take advantage of the existing support.
> 
> Users here retrieve mail from a server running sendmail. I use vacation
> to deal with "out of office" messages and similar things. Currently,
> this has to be done for them by an admin, as the users have no direct
> shell access, and wouldn't know what to do with a shell if it bit them.
> What I'd like to be able to do is provide a GUI interface through which
> they can handle this for themselves.
> 
> To achieve this securely, I need to be able to authenticate each user.
> I'd like to be able to use the Samba mechanisms to do this - all the
> users have accounts on an NT domain controller, and the server from
> which they would retrieve their mail is running Samba. Is there an API,
> accessible (preferably from perl), through which I can authenticate a
> user against their NT domain account within my CGI script?
> 
> I have the idea that it may be possible to achieve this sort of thing
> with winbindd, and that I should simply be able to call getpwnam() from
> perl, but my ideas become hazy here. I can't see how winbindd would
> allow me to authenticate for just this service. The users in question
> will all have a Unix account (though some will be mapped via "username
> map"), but I don't want to use NT auth in a global manner (they have no
> need to be able to log onto a shell account) - just for this particular
> service. I really want to be able to pass a username/password to NT, and
> have an OK/Not OK response come back.
> 
> Thanks,
>  
> Mike.
