losing connections to password server
abartlet at samba.org
Thu Jun 26 04:33:37 GMT 2003
On Thu, 2003-06-26 at 14:22, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Thu, 19 Jun 2003, David Collier-Brown -- Customer Engineering wrote:
> > On Thu, Jun 19, 2003 at 08:53:17AM -0700, David Bear wrote:
> > >>"security = server" may be a nasty hack, but it is an important
> > >>'feature' in an organization like my university. We have centrally
> > >>managed services which include user accounts. This hack lets me add
> > >>users to samba services without having to manage accounts.
> > Steve Langasek wrote:
> > > So does "security = domain"; except that "security = domain" works,
> > > using the same protocols that Microsoft supports for their own
> > > authentication systems.
> > >
> > > The "security = server" hack is /inherently/ flaky, and has /inherently/
> > > limited security. Fixing these inherent flaws has been done: that's
> > > what domain security is.
> > Alas, security = domain only works if I'm running an
> > NT domain, while security = server works with an
> > authentication server which is using the underlying
> > Unix authentication system.
> Setup a Samba PDc and run the second Samba server as a domain member.
> Sorry Dave, but there are so many other ways to get distributed
> authentication to work in the case without using server mode security.
> Or setup Samba PDC's and BDC's or trusts once they are finished.
Or if you want distributed *plaintext* authentication (which is what I
*think* Dave was describing) then something like openldap/pam_ldap
radiusd/pam_radius sounds like the right kind of solution.
Fancy plaintext auth methods are really handled quite well by PAM.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030626/b24e9b71/attachment.bin
More information about the samba-technical