Client for Samba networks

Osama Dengler osama at denglernet.de
Wed Dec 19 03:07:49 GMT 2001


I am currently working on a GINA / Windows NT Authentication Package
that allows NT to authenticate against an LDAP directory. I have it running here
and can make the sources available if required. The thing works like this:

1.) In the GINA logon dialog the user can select between standard NTLM
     and LDAP authentication.

2.) If NTLM auth. is desired, the MSV1_0 authentication package is used.

3.) Otherwise a self-written Authentication Package named LdapLsaAp performs
     simple authentication against the given LDAP directory.

Currently I'm working on retrieving the user's information such as Profile path,
home directory, etc. via LDAP. This should be done in a few days. So far
it seems to work fine, however this is _not_ a replacement for the SAM routines,
since usermgr, the ACL code etc. don't use Authentication packages to get their
information. Perhaps this could be handled in a complete security package.

Since the project is in its _very_ beginning there is still a lot to do:
- Test with W2k / XP
- add a custom security package
- perhaps replace the whole SAM thing as it is the worst thing MS ever invented
- review the whole concept in terms of security.

If anybody is interested in this code, please feel free to contact me and I'll provide
you with the sources. If there is enough interest I can also make it available on
the web. I'm very interested in people modifying, correcting, testing, etc.!

greetings, Osama

> Steven French wrote:
> >  Getting an open network provider DLL and/or GINA 
> > (logon module) for CIFS on Windows 2000/XP would
> > be a big help but also tricky to write 
> 
> 	We've seen two partial successes with
> 	GINA already, IBM's and the nsgina
> 	for nis (yp), so it's at least possible...
> 
> 	A GINA that does a minimal window,
> 	collects data and ships it to an
> 	authentication server in some
> 	appropriate format, and then displays
> 	a success indication or a server-
> 	supplied error message would allow us to
> 	build suitable back-ends, and might
> 	be more maintainable than previous ones.
> 
> 	I, for one, would love to see a GINA
> 	I could update via the default login.bat (;-))
> 	that would be independent of the
> 	authentication mechanism.
> 
> --dave
> -- 
> David Collier-Brown,           | Always do right. This will gratify 
> Americas Customer Engineering, | some people and astonish the rest.
> SunPS Integration Services.    |                      -- Mark Twain
> (905) 415-2849                 | davecb at canada.sun.com
> 


---
Osama Dengler
http://www.jazz-on-the-rocks.de/




More information about the samba-technical mailing list