abartlet at samba.org
Fri Apr 12 16:27:36 MDT 2013
On Fri, 2013-04-12 at 23:47 +0200, Yoann Gini wrote:
> I’m new here, I’m an OS X system administrator and also a developer. I
> currently try to understand how Samba works to integrate a 3.x branch
> with the Apple OpenDirectory.
> Since Apple has dropped their support of Samba, we haven’t any way to
> support Windows domain emulation. I’ve reversed the Apple
> PasswordService protocol and I should be able to check a SMB-NT
> challenge (or even NTLM hash) against it if I can get one.
> So, I’m wondering, where can I find some documentation / example /
> source code in the source tree about Samba backend? Do you have any
> documentation about how to write your own Samba backend? Or for
> example, which source files of existing backends are simple enough to be
> taken as a sample code?

It should be possible to just forward-port the code Apple used with
Samba 3.0 (which they published per the GPL) and use that in later
versions. The APIs involved haven't changed drastically in later
versions, but it will require work.

Of course, you are free to re-implement this as well. My understanding
is that OpenDirectory 'just' looks like a normal pdb_ldap (so wouldn't
require major changes), and the auth module could be rewritten based on
auth_winbind for example.

The issue is things like password changes, which required an intensive
patch to the code, which like Apple's other changes, never got submitted

Another approach which could be very interesting would be to use the
Heimdal code in Samba 4.0 to directly read the passwords from the MIT

However, frankly, these caveats on fork() make a number of us wonder
about if Samba is long-term viable on OSX:

Other Samba users have successfully completed (via the MIT KDC key
store) a migration from OpenDirectory to Samba 4.0 as an AD DC.

Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org