[Samba] Logon question
Alex Dawson
alex at ee.uwa.edu.au
Sat Mar 2 22:03:06 GMT 2002
At 9:50 AM -0800 2/3/02, Stan S. wrote:
>Good morning Samba gurus,
>I had one of my managers ask me an interesting question yesterday, and I did
>not have an answer for him.
>
>The question was, "is it possible for samba to authenticate a Unix logon
>between Sun, SGI, and Linux and control nfs shares?" I have never heard of
>using Samba this way.
>Is it even possible?

winbindd, as previously noted, is a PAM module which supports
authentication for logins etc. However, it only works on systems that
use PAM (Pluggable Authentication Modules). On other systems, you will
still run into problems.

We run a lab of 25 SGI Indys, about 30 Solaris 8 boxes, and about 80
Windows NT machines. We pondered using winbindd; however, the problem
was that IRIX 5.3 (the latest which runs on the Indys) does not support
PAM or LDAP, which meant it wouldn't work for us.

What we have done in the end is use an LDAP database (supported very
nicely in Samba 2.2.3a - well done people) to store authentication
information, such as nt/lm password hashes, and also DES password
hashes. We then use a crontab to run a Perl file we wrote in house to
regenerate the yp makes for the yp domain on the SGI Indys we have,
while the Solaris machines authenticate directly to the LDAP server
(using OpenLDAP's PAM modules for Solaris 8), and the NT machines
authenticate to Samba which in turn consults LDAP to authenticate.

For password changing at this point we have an SSL webpage for users
to visit, which in turn enforces password "goodness", runs a Perl
script to generate the appropriate hashes, and then updates the LDAP
database directly. We have the appropriate flag set for users in the
sambaAccount record to prevent them from changing their password at
control-alt-delete.

As for NFS.. depends on how many clients/servers you have, but soft
static mounts are a nice way to go. Samba can't really be used as a
replacement of autofs or amd.

Good luck.
--
Alex Dawson CSU - Systems Administrator
+-------------------+------------------------------------------------+
/Tel: (08) 9380 1587/ Electrical and Electronic Engineering/
/Fax: (08) 9380 1065/ University of Western Australia/
/alex at ee.uwa.edu.au / http://www.ee.uwa.edu.au/~alex/
+-------------------+------------------------------------------------+
The following line brought to you by the ESOS Act 2000, section 107:
"CRICOS Provider Code: 00126G"
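
The cron step described in the message above (regenerating the NIS/yp data from LDAP) can be sketched as follows. This is an added example, not the in-house Perl script the post mentions. It assumes the accounts use RFC 2307 posixAccount attribute names, that the directory is exported as LDIF, and a hypothetical `MIN_UID` cut-off; it validates each entry before it is allowed into the passwd source for the map.

```python
import base64

MIN_UID = 1000  # assumption: lower uidNumbers are local system accounts
REQUIRED = ("uid", "userPassword", "uidNumber", "gidNumber", "homeDirectory", "loginShell")

def parse_ldif(text):
    """Yield one {attribute: value} dict per entry (single-valued attributes)."""
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, then split
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: base64", common for userPassword
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name] = value.strip()
        yield entry

def passwd_line(entry):
    """Return a passwd(4) line for the NIS map source, or None to skip the entry."""
    if any(key not in entry for key in REQUIRED):
        return None
    pw, uid, gid = entry["userPassword"], entry["uidNumber"], entry["gidNumber"]
    if not pw.upper().startswith("{CRYPT}"):
        return None  # only crypt(3) hashes are usable by the NIS clients
    fields = [entry["uid"], pw[7:], uid, gid, entry.get("gecos", ""),
              entry["homeDirectory"], entry["loginShell"]]
    if any(ch in field for field in fields for ch in ":\r\n"):
        return None  # a stray separator would add a field or a whole line
    if not all(n.isascii() and n.isdigit() for n in (uid, gid)) or int(uid) < MIN_UID:
        return None  # non-numeric ids, or root/system accounts defined in LDAP
    return ":".join(fields)

def build_passwd(ldif_text):
    lines = (passwd_line(entry) for entry in parse_ldif(ldif_text))
    return sorted(line for line in lines if line)

# Constructed sample; the hash is a placeholder, not a real crypt(3) value.
PW = "{CRYPT}abCdEfGhIjKlM"
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=org", "uid: alice", "uidNumber: 1001",
    "userPassword:: " + base64.b64encode(PW.encode()).decode(), "gidNumber: 100",
    "gecos: Alice Example", "homeDirectory: /home/alice", "loginShell: /bin/csh", "",
    "dn: uid=toor,ou=People,dc=example,dc=org", "uid: toor", "userPassword: " + PW,
    "uidNumber: 0", "gidNumber: 0", "homeDirectory: /", "loginShell: /bin/sh", "",
    "dn: uid=bob,ou=People,dc=example,dc=org", "uid: bob", "uidNumber: 1002",
    "userPassword: {SSHA}placeholder", "gidNumber: 100",
    "homeDirectory: /home/bob", "loginShell: /bin/csh",
])
```

Of the three constructed entries only `alice` reaches the output: `toor` is dropped for its uidNumber of 0 and `bob` because his hash is not in crypt(3) form.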