[Samba] Logon question

Michael Joyner mjoyner at ewc.edu
Mon Mar 4 04:40:25 GMT 2002


http://yptransitd.sourceforge.net/

would assist in those boxen which need access to LDAP
stored authentication via NIS.
(it is a NIS server which uses LDAP as the data-store)

Alex Dawson wrote:

> At 9:50 AM -0800 2/3/02, Stan S. wrote:
> 
>> Good morning Samba gurus,
>> I had one of my managers ask me an interesting question yesterday, and
>> I did not have an answer for him.
>>
>> The question was, "is it possible for samba to authenticate a Unix logon
>> between Sun, SGI, and Linux and control nfs shares?" I have never
>> heard of using Samba this way.
>> Is it even possible?
> 
> 
> winbindd, as previously noted, is a PAM module which supports 
> authentication for logins etc. However, it only works on systems that 
> use PAM (pluggable authentication modules). On other systems, you will 
> still run into problems.
> 
> We run a lab of 25 SGI Indys, about 30 Solaris 8 boxes, and about 80 
> Windows NT machines. We pondered using winbindd, however the problem 
> being that IRIX 5.3 (latest which runs on the Indys) does not support 
> PAM or LDAP, which meant it wouldn't work for us.
> 
> What we have done in the end is use an LDAP database (supported very 
> nicely in Samba 2.2.3a - well done people) to store authentication 
> information, such as NT/LM password hashes, and also DES password 
> hashes. We then use a crontab to run a Perl file we wrote in house to 
> regenerate the yp makes for the yp domain on the SGI Indys we have, 
> while the Solaris machines authenticate directly to the LDAP server 
> (using OpenLDAP's PAM modules for Solaris 8), and the NT machines 
> authenticate to Samba which in turn consults LDAP to authenticate.
> 
> For password changing at this point we have an SSL webpage for users to 
> visit, which in turn enforces password "goodness", runs a Perl script to 
> generate the appropriate hashes, and then updates the LDAP database 
> directly. We have the appropriate flag set for users in the sambaAccount 
> record to prevent them from changing their password at control-alt-delete.
> 
> As for NFS.. depends on how many clients/servers you have, but soft 
> static mounts are a nice way to go. Samba can't really be used as a 
> replacement of autofs or amd.
> 
> Good luck.
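
Added example, not part of the thread and not the in-house Perl script Alex Dawson mentions: the cron step that regenerates the yp passwd map from LDAP, written in Python, with the checks that keep a bad LDAP value from shifting fields in the flat map. Attribute names follow the posixAccount schema; the sample LDIF, the `MIN_UID` floor and the function names are assumptions.

```python
import re
# Constructed sample: simplified LDIF (no base64 values, no folded lines).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 100
gecos: Alice Example
homeDirectory: /home/alice
loginShell: /bin/csh
userPassword: {CRYPT}abJnggxhB/yWI

dn: uid=mallory,ou=People,dc=example,dc=org
uid: mallory
uidNumber: 1002
gidNumber: 100
gecos: Mallory: Lab 3
homeDirectory: /home/mallory
loginShell: /bin/csh
userPassword: {CRYPT}cdQxv1pGkE3Zs
"""

FIELDS = ("uid", "userPassword", "uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell")
MIN_UID = 100  # assumption: lower IDs stay reserved for local system accounts

def check(e):
    """Return a rejection reason, or None when the entry is safe to emit."""
    if not re.fullmatch(r"[a-z_][a-z0-9_.-]*", e["uid"]):
        return "uid is empty or has characters outside [a-z0-9_.-]"
    if any(re.search(r"[:\x00-\x1f]", e[f]) for f in FIELDS):
        return "field separator or control character in a field"
    if not re.fullmatch(r"\{CRYPT\}[./0-9A-Za-z]{13}", e["userPassword"]):
        return "userPassword is not a 13-character DES crypt value"
    ids = (e["uidNumber"], e["gidNumber"])
    if not all(re.fullmatch(r"[0-9]+", i) for i in ids) or int(ids[0]) < MIN_UID:
        return "ids must be numeric and uidNumber >= MIN_UID"

def passwd_map(ldif):
    """Render LDIF entries as passwd-map lines; return (lines, rejected)."""
    lines, rejected = [], []
    for block in ldif.strip().split("\n\n"):
        e = {f: "" for f in FIELDS}           # absent attributes become empty
        e.update(l.split(": ", 1) for l in block.splitlines())
        if (why := check(e)):
            rejected.append((e["uid"], why))  # report it, keep it out of the map
        else:
            e["userPassword"] = e["userPassword"][len("{CRYPT}"):]
            lines.append(":".join(e[f] for f in FIELDS))
    return lines, rejected
```

The DES crypt values written to the map are readable by any host that can query the yp domain, so the LDAP attribute ACLs do not protect them once this step has run.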





