[Samba] 2 factor authentication with samba

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Jan 24 07:46:53 MST 2014

RSA Authentication Manager + Securid tokens might be an option.   It is 
a commercial product, not fee.      I haven't used it with Windows 
desktop authentication for a while.  If a remember correctly, you 
install the RSA agent for Windows on each PC, then when the user logins 
in, he or she is prompted for user id, windows password and Secure ID 
passcode. (Passcode is your PIN  + the token code that changes every 30 
- 60 seconds on your token.)   Samba server itself is unaware of the RSA 

The RSA agent for linux is a pam agent (or alternately, you can use 
RADIUS  to talk to RSA server)   although getting Samba to work with pam 
or other external authentication might require using passwords stored in 
plain text or transmitted in the clear or something undesirable.

RSA will provide trials, including tokens.

On 01/22/14 05:18, Sven Schwedas wrote:
> Hi,
> On 2014-01-22 10:57, Christian wrote:
>> Hi,
>> has anyone experience using 2 factor auth with samba?
>> I just search for a stable/production ready solution, preferred with otp
>> dongles.
>> I have searched through the list archives but couldn't find anything
>> usable.
>> Google just gave me some links to Univention Corporate Server with LinOTP.
> We've been using UCS (albeit without LinOTP) for a few years, it's not
> too bad. You might want to ask their support for details.
>> Has anybody ever done such a setup with samba? And could give me any hints?
> No idea. If all you need are file shares, any generic PAM-based solution
> will work. Domain authentication needs explicit Samba support, however.
>> Best Regards,
>> Christian

More information about the samba mailing list