[Samba] 'multi-layered' authentication

Andrew Bartlett abartlet at samba.org
Wed Jan 21 00:08:54 GMT 2004


On Sat, 2004-01-17 at 07:00, webster at lexmark.com wrote:
> I need to allow [read] access to a Samba server using both IP filtering & 
> UserIDs .
> 
> For a given list of IP subnets, any user should have access.
> Outside these 'trusted' subnets, I need to do User authentication.
> 
> I can handle the User authentication OK in several ways.
> However, I don't see any way to do the 'short circuit' allow for some IPs, 
> then use User authentication after that.
> If I do a 'deny', in the InetD or in Samba, then the 'untrusted' subnets 
> are denied, & not allowed to try logging-in .
> 
> Any ideas?
> 
> I originally thought that PAM would give me this functionality, but now I 
> don't see it.
> Is PAM at all popular for Samba 'authentication' ?

You could set 'obey pam restrictions', and then write an 'account'
module the enforced these restrictions.  That assumes you want to always
require passwords, but only allow some particular accounts from the
untrusted IPs.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040121/9932529a/attachment.bin


More information about the samba mailing list