External Authentication? (WAS: http://www.samba.org links to )

John E. Malmberg wb8tyw at qsl.net
Mon Sep 13 17:25:50 GMT 2004


In article <515F3267F3E00F41A98150C9F1E204C257E287 at web-server.wakeassoc.com>,
 mdo at wakeassoc.com writes:
> John,
>
> If you have time, can you add the ability to have SAMBA operate as a VMS
> password provider (aka Pathworks) that can update the VMS password from a
> Windows Domain?

I may look at it down the road a bit.

Actually, I do not think that Pathworks updates the VMS password from the
Microsoft domain.  It sends the password to the domain controller and accepts
the result.  It may then update the VMS password for use in case the domain
controller is down, but I do not know about that.

I think that the required acme$ interfaces are now publicly documented.

I do not have a system running that can be a domain controller at this time
for testing though.

For people interested in working on this, the procedure should be:

1. Get password from the user.
2. Send password to the domain controller for authentication.
3. Generate a local VMS hash for the password, and update the sysuaf for that
   user if different.
4. Update the local SMBPASSWD file with the NT and lanman passwords if needed.


The SMBPASSWD program needs to be installed with privilege so that the SMB
PASSWORD file can be protected with NO access to non-privileged users.

The SMBCLIENT program should be modified to use the SMB PASSWORD file as a
PROXY database so that the user does not have to enter their password, or track
it separately as an environmental variable.  That will also require it
to be installed with privilege enough to read the SMB PASSWORD file.

That makes it easy to set up a print queue to print to a LANMAN printer with
the username of the logged in user.

At the present time, I will likely be doing only fine-tuning and not much in
the way of innovation.

And from what I have learned in the past week, I need to get a build
environment using logical name search lists, and .MMS scripts, otherwise it is
too long on my hardware to make test builds, and too easy to mess something
up.

I also need to set up a todo list.

-John
wb8tyw at qsl.net
Personal Opinion Only


