losing connections to password server
Andrew Bartlett
abartlet at samba.org
Thu Jun 26 04:33:37 GMT 2003
On Thu, 2003-06-26 at 14:22, Gerald (Jerry) Carter wrote:
> On Thu, 19 Jun 2003, David Collier-Brown -- Customer Engineering wrote:
>
> > On Thu, Jun 19, 2003 at 08:53:17AM -0700, David Bear wrote:
> > >>"security = server" may be a nasty hack, but it is an important
> > >>'feature' in an organization like my university. We have centrally
> > >>managed services which include user accounts. This hack lets me add
> > >>users to samba services without having to manage accounts.
> >
> > Steve Langasek wrote:
> > > So does "security = domain"; except that "security = domain" works,
> > > using the same protocols that Microsoft supports for their own
> > > authentication systems.
> > >
> > > The "security = server" hack is /inherently/ flaky, and has /inherently/
> > > limited security. Fixing these inherent flaws has been done: that's
> > > what domain security is.
> >
> > Alas, security = domain only works if I'm running an
> > NT domain, while security = server works with an
> > authentication server which is using the underlying
> > Unix authentication system.
>
> Set up a Samba PDC and run the second Samba server as a domain member.
> Sorry Dave, but there are so many other ways to get distributed
> authentication to work in the case without using server mode security.
>
> Or set up Samba PDCs and BDCs or trusts once they are finished.

Or if you want distributed *plaintext* authentication (which is what I
*think* Dave was describing) then something like openldap/pam_ldap
radiusd/pam_radius sounds like the right kind of solution.

Fancy plaintext auth methods are really handled quite well by PAM.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net