[Samba] question on authentication

mogambo mogambo13 at gmail.com
Wed Mar 3 11:59:43 MST 2010


Hi there,

I am trying to come up with a solution to the current Samba authentication
voes on the gateway server for our distributed file system.  We currently
use smbpasswd file on the gateway server for authentication, which is not a
secure way and requires each user to be specifically added in.

I do not have much experience with Samba, so I am still learning quite a bit
as I jump from documentation to documentation and look at the relevant
source code.  My hope is that there is a way around ADS membership for the
gateway server.  Our gateway server is diskless and as I understand, it
would require ADS administrator password everytime it reboots.

I would like to delegate the authentication to the metadata server, which
can already do the authentication locally, or with ADS.  It currently uses
ntlm_auth in ntlm-server-1 mode and passes in username/password when
accessing the filesystem from a regular client running our file system
driver.  If I can get the encrypted password to the metadata server, is
there a way to use ntlm_auth to play challenge/response game for
authentication?  It seemed possible from a few posts on the list, but I was
unable to find documentation other than the manpage.

Using mode = server and the Samba server running on the metadata server as
the password server could be another option, but details there are very hazy
for me.

Thanks,
-m.


More information about the samba mailing list