[Samba] Logon question

Alex Dawson alex at ee.uwa.edu.au
Sat Mar 2 22:03:06 GMT 2002 

At 9:50 AM -0800 2/3/02, Stan S. wrote:
>Good morning Samba gurus,
>I had one of my managers ask me an interesting question yesterday, and I did
>not have an answer for him.
>
>The question was, "is it possible for samba to authenticate a Unix logon
>between Sun, SGI, and Linux and control nfs shares?" I have never heard of
>using Samba this way.
>Is it even possible?

winbindd, as previously noted, is a PAM module which supports 
authentication for logins etc. However, it only works on systems that 
use PAM (plugable authentication modules). On other systems, you will 
still run into problems.

We run a lab of 25 SGI Indys, about 30 Solaris 8 boxes, and about 80 
windows NT machines. We pondered using winbindd, however the problem 
being that IRIX 5.3 (latest which runs on the indys) does not support 
PAM or LDAP, which meant it wouldn't work for us.

What we have done in the end is use an LDAP database (supported very 
nicely in Samba 2.2.3a - well done people) to store authentication 
information, such as nt/lm password hashes, and also DES password 
hashes. We then use a crontab to run a perl file we wrote in house to 
regenerate the yp makes for the yp domain on the SGI indys we have, 
while the Solaris machines authenticate directly to the LDAP server 
(using openLDAP's PAM modules for solaris 8), and the NT machines 
authenticate to Samba which in turn consults LDAP to authenticate.

For password changing at this point we have a SSL webpage for users 
to visit, which in turn enforces password "goodness", runs a perl 
script to generate the appropriate hashes, and then updates the LDAP 
database directly. We have the appropriate flag set for users in the 
sambaAccount record to prevent them from changing their password at 
control-alt-delete.

As for NFS.. depends on how many clients/servers you have, but soft 
static mounts are a nice way to go. Samba can't really be used as a 
replacement of autofs or amd.

Good luck.
-- 
Alex Dawson                                    CSU - Systems Administrator
     +-------------------+------------------------------------------------+
    /Tel: (08) 9380 1587/           Electrical and Electronic Engineering/
   /Fax: (08) 9380 1065/                 University of Western Australia/
  /alex at ee.uwa.edu.au /                  http://www.ee.uwa.edu.au/~alex/
+-------------------+------------------------------------------------+

The following line brought to you by the ESOS Act 2000, section 107:
"CRICOS Provider Code: 00126G"

More information about the samba mailing list