abartlet at samba.org
Fri Nov 7 10:42:19 GMT 2003
On Thu, 2003-11-06 at 22:47, Simo Sorce wrote:
> On Thu, 2003-11-06 at 11:16, Sevastian Foglia wrote:
> > I'm developing an application that uses libsmbclient and samba-vfs.
> > When a client connects to a share on my samba server, samba-vfs passes
> > the gathered information to a local daemon that uses smbclient to connect
> > to another samba server. I have both workgroup and username, but I don't
> > have his password. Is there a way to authenticate to the samba server on
> > the other side with the supplied username (notice that both servers have
> > the same user database) ?
> > As written in documentation I found I must initialize the samba client
> > library with smbc_init.
> > I saw in testsmbc.c that first argument of smbc_init is a function which is
> > used to get workgroup and user informations from stdin.
> > Now, my application is a daemon and I want nothing is been printed to
> > stdout and read from stdin.
> Ok basically you are extending the concept of security = server to file
> Look at the code in samba that implements security = server, you will
> have to modify the samba server code in order to keep the hashed
> password and not delete it.
> This method cannot work in a domain environemnt when you are a member
> server and not the PDC, in that case the member server will never see
> the hashed password.
The better option really is to do this with kerberos, and
proxied/impersonation tickets etc. But it is possible to implement a
module like auth_smbserver to handle this, passing back and forth the
challenge-response values. Note, this breaks as soon as somebody
enforces SMB signing etc.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031107/517a44b8/attachment.bin
More information about the samba-technical