[Samba] Logon question
Michael Joyner
mjoyner at ewc.edu
Mon Mar 4 04:40:25 GMT 2002
http://yptransitd.sourceforge.net/
would assist in those boxen which need access to LDAP
stored authentication via NIS.
(it is a NIS server which uses LDAP as the data-store)
Alex Dawson wrote:
> At 9:50 AM -0800 2/3/02, Stan S. wrote:
>
>> Good morning Samba gurus,
>> I had one of my managers ask me an interesting question yesterday, and I did
>> not have an answer for him.
>>
>> The question was, "is it possible for samba to authenticate a Unix logon
>> between Sun, SGI, and Linux and control nfs shares?" I have never heard of
>> using Samba this way.
>> Is it even possible?
>
> winbindd, as previously noted, is a PAM module which supports
> authentication for logins etc. However, it only works on systems that
> use PAM (pluggable authentication modules). On other systems, you will
> still run into problems.
>
> We run a lab of 25 SGI Indys, about 30 Solaris 8 boxes, and about 80
> Windows NT machines. We pondered using winbindd, however the problem
> being that IRIX 5.3 (latest which runs on the Indys) does not support
> PAM or LDAP, which meant it wouldn't work for us.
>
> What we have done in the end is use an LDAP database (supported very
> nicely in Samba 2.2.3a - well done people) to store authentication
> information, such as nt/lm password hashes, and also DES password
> hashes. We then use a crontab to run a Perl file we wrote in house to
> regenerate the yp makes for the yp domain on the SGI Indys we have,
> while the Solaris machines authenticate directly to the LDAP server
> (using OpenLDAP's PAM modules for Solaris 8), and the NT machines
> authenticate to Samba which in turn consults LDAP to authenticate.
>
> For password changing at this point we have an SSL webpage for users to
> visit, which in turn enforces password "goodness", runs a Perl script to
> generate the appropriate hashes, and then updates the LDAP database
> directly. We have the appropriate flag set for users in the sambaAccount
> record to prevent them from changing their password at control-alt-delete.
>
> As for NFS.. depends on how many clients/servers you have, but soft
> static mounts are a nice way to go. Samba can't really be used as a
> replacement of autofs or amd.
>
> Good luck.
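
An added example, not part of the original thread and not the in-house Perl script (which the post does not show): one way the cron-driven regeneration described above could turn LDAP entries exported as LDIF into passwd-map records. It exports only DES crypt values, writes `*` for any other password scheme, never copies the NT/LM hashes, and skips entries whose fields contain `:` or a newline. The attribute names, sample entries and helper names are assumptions constructed for the example.

```python
import base64
import re

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")   # traditional DES crypt(3) layout
UNSAFE = re.compile(r"[:\r\n]")                # would forge fields or whole records

# Constructed sample data: a gecos value that smuggles in a second record.
_EVIL = base64.b64encode(b"Eve\nroot::0:0::/:/bin/sh").decode()
def _entry(uid, num, extra):
    return ("dn: uid=%s,ou=People,dc=example,dc=org\nuid: %s\nuidNumber: %d\n"
            "gidNumber: 100\nhomeDirectory: /home/%s\nloginShell: /bin/sh\n%s\n"
            % (uid, uid, num, uid, extra))
SAMPLE_LDIF = "\n".join([
    _entry("alice", 1001, "userPassword: {CRYPT}abCONSTRUCTED\nntPassword: " + "0" * 32),
    _entry("bob", 1002, "userPassword: {SSHA}constructed"),
    _entry("eve", 1003, "gecos:: " + _EVIL),
])

def parse_ldif(text):
    """Yield one dict per entry, keeping the first value of each attribute."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):          # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            entry.setdefault(attr.lower(), value)
        yield entry

def passwd_line(entry):
    """Return one passwd-map record, or None when the entry is unsafe to export."""
    keys = ("uid", "uidnumber", "gidnumber", "gecos", "homedirectory", "loginshell")
    name, uid, gid, gecos, home, shell = fields = [entry.get(k, "") for k in keys]
    if not name or not all(re.fullmatch(r"[0-9]+", n) for n in (uid, gid)):
        return None
    if any(UNSAFE.search(f) for f in fields):
        return None
    scheme, _, digest = entry.get("userpassword", "").partition("}")
    ok = scheme.upper() == "{CRYPT" and DES_CRYPT.fullmatch(digest)
    # "*" can never match a crypt() result, so the account is locked in the map.
    return ":".join([name, digest if ok else "*", uid, gid, gecos, home, shell])

def build_map(ldif):
    """Records for every exportable entry, in input order."""
    return [rec for rec in map(passwd_line, parse_ldif(ldif)) if rec]
```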