Samba/HP-UX question.

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Thu Jan 17 06:12:46 GMT 2002 

Hi Andrew,
The latest 2.2.3 CVS has all the changes necessary to build winbindd on
HP-UX, if you are using the HPUX ANSI C compiler.  It's very new, but have
been able to use it to get telnet and ftp access to hpux by logging in as
DOMAIN/NTUSERNAME  and being authenticated via pam_winbind to the NT Domain
that samba joined...  Still needs a LOT of testing, but anyone with HP-UX
that wants to play around with this functionality should check out the
latest 2.2 CVS tree...
Hope this helps,
Don


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at pcug.org.au]
Sent: Thursday, January 17, 2002 7:17 AM
To: Ladner, Eric (Eric.Ladner)
Cc: 'samba at lists.samba.org'
Subject: Re: Samba/HP-UX question.


"Ladner, Eric (Eric.Ladner)" wrote:
> 
> Couple of questinos.. I've poked around the web a bit and the Samba
> documentation and haven't really found a good answer.
> 
> Given an HP-UX 11.0 system and the latest 2.X Samba distro, here's what
I'm
> trying to do:
> 
> Use Samba (possibly with winbind?) functionality to allow authentication
via
> a NT PDC.
> 
> The problem I'm having visualizing is how that authentication happens.  At
> the system level, all of these things go through getpwent (or the
> secure/shadow version of that call).  How exaclty can that call be
hijacked
> by Samba and redirected to an NT domain for authentication?

Winbind simply disables all passwords in this case.  

> The basic problem is that we have an application (call it X) that requires
a
> LOT of users and concequently a LOT of password changes, corporate IT
> password standards that the application dosn't support, etc.. It's messy.
> 
> What we'd like to see is that the username/password that the user types in
> to the application interface is authenticated via a PDC rather than the
> /etc/passwd file.
> 
> This application does NOT use PAM.  This I think has been my roadblock up
to
> now.

And so it shal remain.  If you have the sources for the app you could
use the winbind interface directly, without going via PAM.

> Does the getpwent code have flexibility?  I.e. can something be put in
> resolv.conf to allow for alternate resolution for passwords?  Did I miss a
> document somewhere?

What you propose (somehow putting a crypt-compatible password in a
getent return isn't possible.  

> Sorry for the rambling email, but I'm not sure where to start at the
moment.

BTW, does winbind support HP-UX yet?

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list