Building a custom auth back-end.

Andrew Bartlett abartlet at
Thu Jan 9 21:55:01 GMT 2003

On Fri, 2003-01-10 at 08:41, Christopher R. Hertel wrote:
> Abartlet, et. al.,
> I've been asked to check on something.  I haven't been working with this
> aspect of the authentication code in Samba so I need a little guidance.
> Question:  How hard is it, if we're *not* using PAM, to build a custom 
>            authentication back-end for Samba?

Not too hard, for Samba 3.0

> The reason that we (the University, where I work) are not using PAM is
> that there are a lot of servers out there on all sorts of platforms.  
> Some use PAM, some don't.  A general solution would need to work without.
> The authentication database is a big central system.  It can do RADIUS and
> LDAP and a few other schemes, but RADIUS is preferred.  It already stores
> NTLMv1 hashes.
> To give you an idea of scale (and why this is an interesting project), the 
> central database has on the order of 130,000 user entries.  We're a big 
> shop, in some ways, a lot of little shops in others.
> Anyway, the goal is to let Windows users connect to Samba servers, 
> authenticating against the central database.  I think it should be easy to 
> do, if we have the hooks to do it.  I think I remember someone saying we 
> have such hooks.  As you know, my head has been burried in my book so I'm 
> a little lost with regard to such things.

You really should just use the 'normal' pdb_ldap stuff, unless you have
a *really* good reason not to.  Because there is much more involved than
just getting the auth - we need the user in the SAM anyway.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list