[Samba] ADS membership with Samba 3.0.4

[sandeep.sundaram at wipro.com]

Hi,

Thanks for that information.

So, now if I am to include Winbind, I would like to know what other
system libraries (Linux based) winbind uses. The deciding factor now
would be on how easy or tough it would be to get these libraries running
on some thing like VxWorks.

As far as I remember, in the 2.2.x series, if Samba was configured with
security = DOMAIN, then smbd would connect to the password server / PDC
and get the user authenticated.

Is there any way I can configure the 3.x series to do this ?!!

Even if I can get a small hint, pointing to the code I need to touch
upon, I can take it up from there. I have seen this kind of a code in
the auth_domain.c file. But I'm not sure how to configure Samba, with
security set to ADS, to get to use this mechanism.

Would really appreciate it if some one could help me out on this.

Thanks and Regards,
Sandy


-----Original Message-----
From: Christoph Scheeder [mailto:christoph.scheeder at scheeder.de]
Sent: Wednesday, August 11, 2004 12:43 PM
To: Sandeep Sundaram (WT01 - EMBEDDED & PRODUCT ENGINEERING SOLUTIONS)
Cc: samba at lists.samba.org
Subject: Re: [Samba] ADS membership with Samba 3.0.4


Hi,
1.) Yes you definitly need the winbind/nss stuff, as it is the part of
samba that does what you want: ask an ADS server to verify the
credentials a user supplys when logging in to samba.
2.) no, it is not sufficient. But you need a working Kerberos library to
get winbind to work. Christoph

sandeep.sundaram at wipro.com schrieb:
> Hi,
>
> We are in the process of evaluating the possibility of porting Samba
> 3.0.4 to VxWorks.
>
> Features wise we don't see any problems. But our main concern is on
> the security. Since we do not have the concept of Users and Groups on
> VxWorks, we cannot have any authentications as such.
>
> So, the other possibility is to pass on the authentication to another
> Server on the network, typically a AD server (since Samba is required
> to be a part of a domain)
>
> All the documents that we have seen so far, regarding the ADS
> membership, talk about winbind and NSS.
>
> My question here is,
>
> 1. Do I really need winbind or NSS since I am not maintaining any
> Users or Groups locally ?!
>
> 2. Is it sufficient if I get the Kerberos and sasl support to work on
> VxWorks ?!
>
> Regards,
> Sandeep Sundaram
>
>
>
>
>
>
>
>
> Confidentiality Notice
>
> The information contained in this electronic message and any
> attachments to this message are intended for the exclusive use of the
> addressee(s) and may contain confidential or privileged information.
> If you are not the intended recipient, please notify the sender at
> Wipro or Mailadmin at wipro.com immediately and destroy all copies of
> this message and any attachments.




Confidentiality Notice

The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or Mailadmin at wipro.com immediately
and destroy all copies of this message and any attachments.