Johann Hanne wrote: > > > Basically there are hooks in winbindd (through the AUTH_CRAP command) to > > authenticate using a challenge and nt/lm responses. > Wow. Thanks for that hint. I have patched rh73's samba-2.2.3a to include > the winbind crap stuff and now have a wbinfo -a with both plaintext > password authentication and challenge/response password authentication > working. > > I already had a look at wbinfo.c and it seems trivial to me to modify > wbinfo_auth_crap() so that it works in an apache module. I'll try to > rewrite it so we don't run into another GPL violation. Expect results > early next week.
No need for that. Just download the mod_ntlm_winbind CVS module from samba.org (CVSWEB link: http://cvs.samba.org/cgi-bin/cvsweb/mod_ntlm_winbind/ ) and fix it up for the current protocol. If you are just doing plaintext (that is, the client at the far end sends you a plaintext password, not a NTLMSSP challange-response password) then just use pam_winbind the mod_auth_pam. That will allow you use a much more stable interface, as we do change the winbind pipe from time to time. I think that kinkie actually got the mod_ntlm_winbind update done, but I'll need to catch up with him on it. (CC'ed). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net