[Samba] 'multi-layered' authentication

Andrew Bartlett abartlet at samba.org
Thu Jan 29 21:29:13 GMT 2004

On Thu, 2004-01-29 at 08:08, webster at lexmark.com wrote:
> Thanks for the reply.
> Sorry if I've not been clear on my requirements.
> For a given list of IP subnets, I need to allow everyone access.

Allow them access as themselves, without passwords, as guest, without

Simple application of 'guest ok' and 'hosts allow' should fix that.

> Outside this list, I need to do user authentication.
> Many of these clients are WinXP (& 2K), which requires using
> encrypted passwords.
> Ideally, I would authenticate against a 'corporate' LDAP server.
> No one is using a 'common' (with other apps) LDAP server to do
> encrypted Samba authentication?

You cannot do 'ldap authentication' in the way many other applications
have done it in the past.

> What are my practical choices for doing encrypted Samba 
> authentication against?  1) smbpasswd, & 2) a Windows domain ?

1) A Samba passdb backend (can store smbpasswd values in LDAP)
2) A windows domain

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040130/ce18d1c7/attachment.bin

More information about the samba mailing list