"storing" username/sid/group id after authentication

mogambo mogambo13 at gmail.com
Tue Mar 9 11:23:19 MST 2010


I am trying to come up with a solution to the current Samba
authentication woes on the gateway server for our distributed file
system.  The gateway server provides CIFS and other services backed by
a proprietary vfs plugin filesystem driver.  We currently use an
smbpasswd file, where each user needs to be explicitly added with
their passwords.

Ideally, I would like to delegate the authentication to the remote
metadata server.  It already talks to the ADS via ntlm_auth in
ntlm-server-1 mode and passes in the username/password when accessing
from a regular client.  As a side question, if I can get the encrypted
password to the metadata server, is there a way to use ntlm_auth to
play the challenge/response game for authentication?  It seemed possible
from a few posts on the list, but I was unable to find documentation
other than the manpage.

If the above is not possible, I am wondering if I can use mode = ADS/server
on the gateway server and add the user id or security token of the validated
user to the default mount point, which is the same across all users.  The
interface between the filesystem driver and the metadata server is still
being worked upon.  I want to identify the information and how to extract it
from the Samba server.

I do not have any prior experience with Samba, so I may not be asking the
right questions, or giving enough information. Thank you very much for your
help.

-s.

On Tue, Mar 9, 2010 at 3:13 AM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:

> On Mon, Mar 08, 2010 at 07:09:38PM -0800, mogambo wrote:
> > I need to make an ioctl call into my vfs plugin to store the successfully
> > authenticated username and other info into an internal data structure on the
> > mount point.  This is in order to be able to manage access permissions, etc.
> > What would be an ideal place in Samba to make this call?  Ideally, I would
> > like a place that is independent of authentication mode.
>
> Can you describe in a bit more detail what you are trying to
> achieve? A bit more about the "big picture"?
>
> Thanks,
>
> Volker


More information about the samba-technical mailing list