[Samba] Samba+MySQL+Apache Authentication = possible?

Andrew Bartlett abartlet at samba.org
Tue Aug 30 00:56:30 GMT 2005 

On Mon, 2005-08-29 at 08:56 +0200, (C)ollen wrote:
> Hmm, must be do-able,
> 
> there are several modules for apache available.
> mod_ntlm for example.. lets you authenticate against a PDC (pref. samba)
> nomather what backend you use.

I strongly recommend against the use of mod_ntlm (and likewise pam_smb),
due to the age of the codebase involved.  For NTLM authentication,
mod_ntlm_winbind is available, and hooks into ntlm_auth, but doesn't do
basic auth (and needs an apache2 version written).  

Also, while we are looking to improve the situation, there are currently
issues with maintaining the experimental MySQL module for Samba.  My
suggestion is to use LDAP where possible.

> there are also some PAM modules around, so you can setup apache to use 
> PAM for authentication, and then you let PAM use the PDC.

My preferred option is Samba on LDAP, with Heimdal 0.7 KDC backed onto
the LDAP database.  I then use mod_auth_kerb for my apache servers.

> just google around...
> 
> Greetz
> 
> Collen (MLHJ)
> 
> Martin Lefebvre wrote:
> > Good evening,
> > 
> > I don't know if this is the right place to ask... but I gotta start 
> > somewhere..
> > 
> > I have Samba setup as a PDC for my domain using the MySQL passdb backend for 
> > authentication. I would also like to use other components such as 
> > mod_auth_mysql for apache authentication.
> > 
> > Is there a way that it can use one of the 2 password fields from the samba 
> > MySQL table (nt_pw or lm_pw) in order to do the authentication through the 
> > web server?
> > 
> > With mod_auth_mysql, I can set several encryption methods, such as md5, or 
> > des, etc. The passwords in the samba MySQL table seem to be encrypted with 
> > md5 (I'm saying that just because they're all 32 characters long)

No, the NT password is MD4(unicode(password)) and a the LM password is
DES(ASCII(PASSWORD))

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050830/e2814125/attachment.bin

More information about the samba mailing list