On 6 Jan 2006, at 16:24, brunogola wrote:
> My notebook running linux is already authenticating against the
> win. domain (AD). I've done this using samba, kerberos5 and winbind
> (pam modules etc), that's working perfectly :-)
> Now, what I need: my desktop (that is another linux machine)
> authenticating against my notebook, using samba, but the problem is
> that samba is already configured @ the notebook as an AD Domain
> member :S.
> ...
> Well, the principal service is a VMWare GSX Server running on my
> notebook, I need to be able to authenticate (using the
> vmware-console) from any machine in my network (windows or linux).
> I think the vmware thing is the least important part, cause it
> should be easy editing pam.d/vmware-authd after everything is
> configured.
> ...
> I want to have bgola on the linux machine for a control purpose,
> or, only authenticate if the user exists on the machine. This is
> already working for console/ssh/etc on the Notebook.

I'm afraid I'm not sure how much I can help here - it's not something
I'd do because philosophically I disagree with your approach. That's
not to say it's not right _for you_ but I wouldn't have a user in two
places (on the Linux box & the AD). You even have the possibility
with this approach, I think, to separate users & passwords
(for a single auth) between the two boxes. Will VMWare GSX use the ~
for the user on the Linux box or for the user on the AD to store its
files?
Personally, I'd have the user exist on the domain or possibly on the
Linux box, but not on both.
Since you say that VMWare GSX Server (which I'm not familiar with)
uses PAM it should be possible to get this to authenticate users on
either the AD or /etc/passwd OR BOTH. It should be possible to use
some other mechanism - possibly group memberships - to restrict
VMWare GSX Server log-in rights to or from certain users. Dovecot
IMAP, for instance, has a "deny passdb" and also a valid userID
range. I would personally consider this kind of approach more elegant.
I'm not trying to be snobby saying "I wouldn't do it this way", just
sorry I can't help. Good luck with it.
Stroller.
--
gentoo-user@gentoo.org mailing list
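
The PAM arrangement discussed in this thread, sketched as an added example (not configuration posted by either participant, and not VMware's shipped file). It assumes winbind is already working on the notebook as described, that the service reads /etc/pam.d/vmware-authd, and that a local group named vmusers (hypothetical) lists who may log in.

```conf
# /etc/pam.d/vmware-authd  (added example; "vmusers" is a hypothetical group)

# 1. Gate on the local account database before any password is checked.
#    pam_localuser succeeds only if the name is listed in /etc/passwd,
#    so an AD user with no local entry is refused here.
auth       requisite    pam_localuser.so

# 2. Restrict the service to members of one group instead of every
#    local account. Users outside the group are refused at this line.
auth       requisite    pam_succeed_if.so user ingroup vmusers

# 3. Accept the password if the AD (via winbind) validates it ...
auth       sufficient   pam_winbind.so

# 4. ... otherwise fall back to the local shadow entry, reusing the
#    password already typed rather than prompting a second time.
auth       required     pam_unix.so use_first_pass

# Account phase: the name is known to be local after step 1, so the
# normal local expiry checks apply.
account    required     pam_unix.so

# Session phase: nothing service-specific is assumed here.
session    required     pam_unix.so
```

The two gates sit in the auth stack so they apply even if the service never runs the account phase. If the local entry exists only as a control record, lock its local password so that step 4 cannot succeed with a second, divergent credential.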