Re: [Samba] Authenticating against local PAM configuration
On Fri, Apr 15, 2011 at 02:38:45PM -0500, Madhusudan Singh wrote: > As I mentioned earlier, easy or not, winbind has in the past not proven to > be stable and easy or not, I want to avoid using it. > > The facts of the case are - I have a robust LDAP based authentication that > is working. > > Can I just ask Samba to use the local PAM configuration (regardless of what > it is) ? That way, if this windows environment changes authentication > mechanisms again, I will have only thing to fix instead of the mess that ADS > is (plus, I will need to ask our IT folks to come do a net ads join for us). If you mean to use PAM for password checking, then unfortunately it is not possible. The PAM API expects plain text passwords from the application, something which Samba does not have. Probably you just can't export CIFS from Linux if PAM is your only option. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authenticating against local PAM configuration
As I mentioned earlier, easy or not, winbind has in the past not proven to be stable and easy or not, I want to avoid using it. The facts of the case are - I have a robust LDAP based authentication that is working. Can I just ask Samba to use the local PAM configuration (regardless of what it is) ? That way, if this windows environment changes authentication mechanisms again, I will have only thing to fix instead of the mess that ADS is (plus, I will need to ask our IT folks to come do a net ads join for us). On Fri, Apr 15, 2011 at 1:04 AM, Daniel Müller wrote: > Integrating suse with ads is quiet easy?! > Did you think about that: > > http://www.roboguys.com/index.php?option=com_content&task=view&id=78&Itemid= > 47 (Integrating suse with MADS)!? > Is not new but in meanwhile it is much easier and it is done by yast. > > Good Luck > Daniel > > --- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > --- > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] > Im > Auftrag von Madhusudan Singh > Gesendet: Donnerstag, 14. April 2011 19:17 > An: samba@lists.samba.org > Betreff: Re: [Samba] Authenticating against local PAM configuration > > I forgot to mention that using winbind is not an option. Our previous > attempt to use winbind worked for a few months and then broke spectacularly > after the organization made some changes to their ADS. > > It has to be just local pam, the way it is. > > On Thu, Apr 14, 2011 at 12:14 PM, Madhusudan Singh < > singh.madhusu...@gmail.com> wrote: > > > Hello > > > > I have a (OpenSuSE 11.2) linux server that uses our organization LDAP to > > authenticate users. > > > > ssh logins work fine. > > > > I have installed a samba server on this server machine and wish to use > the > > same authentication mechanism for Samba clients. > > > > I do not have any access to the LDAP server (it runs on windows, I think) > > and it is against our organization's IT policy to allow saving the LDAP > > admin password on client machines. > > > > I have plenty of Howtos about integrating samba with Open LDAP, but they > > all require saving the admin password in smbpasswd. Not an option at all > > here. > > > > Our IT people installed some kind of a binary module on the linux machine > > to allow it to authenticate ssh users but that is the extent to which > they > > are willing to go. > > > > Can I somehow ask samba to forward all authentications to the server pam > > configuration (without explicitly specifying the passdb backend) ? That > > method will most likely work for us because the pam authentication > mechanism > > works perfectly. > > > > Thanks. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authenticating against local PAM configuration
Integrating suse with ads is quiet easy?! Did you think about that: http://www.roboguys.com/index.php?option=com_content&task=view&id=78&Itemid= 47 (Integrating suse with MADS)!? Is not new but in meanwhile it is much easier and it is done by yast. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Madhusudan Singh Gesendet: Donnerstag, 14. April 2011 19:17 An: samba@lists.samba.org Betreff: Re: [Samba] Authenticating against local PAM configuration I forgot to mention that using winbind is not an option. Our previous attempt to use winbind worked for a few months and then broke spectacularly after the organization made some changes to their ADS. It has to be just local pam, the way it is. On Thu, Apr 14, 2011 at 12:14 PM, Madhusudan Singh < singh.madhusu...@gmail.com> wrote: > Hello > > I have a (OpenSuSE 11.2) linux server that uses our organization LDAP to > authenticate users. > > ssh logins work fine. > > I have installed a samba server on this server machine and wish to use the > same authentication mechanism for Samba clients. > > I do not have any access to the LDAP server (it runs on windows, I think) > and it is against our organization's IT policy to allow saving the LDAP > admin password on client machines. > > I have plenty of Howtos about integrating samba with Open LDAP, but they > all require saving the admin password in smbpasswd. Not an option at all > here. > > Our IT people installed some kind of a binary module on the linux machine > to allow it to authenticate ssh users but that is the extent to which they > are willing to go. > > Can I somehow ask samba to forward all authentications to the server pam > configuration (without explicitly specifying the passdb backend) ? That > method will most likely work for us because the pam authentication mechanism > works perfectly. > > Thanks. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authenticating against local PAM configuration
I forgot to mention that using winbind is not an option. Our previous attempt to use winbind worked for a few months and then broke spectacularly after the organization made some changes to their ADS. It has to be just local pam, the way it is. On Thu, Apr 14, 2011 at 12:14 PM, Madhusudan Singh < singh.madhusu...@gmail.com> wrote: > Hello > > I have a (OpenSuSE 11.2) linux server that uses our organization LDAP to > authenticate users. > > ssh logins work fine. > > I have installed a samba server on this server machine and wish to use the > same authentication mechanism for Samba clients. > > I do not have any access to the LDAP server (it runs on windows, I think) > and it is against our organization's IT policy to allow saving the LDAP > admin password on client machines. > > I have plenty of Howtos about integrating samba with Open LDAP, but they > all require saving the admin password in smbpasswd. Not an option at all > here. > > Our IT people installed some kind of a binary module on the linux machine > to allow it to authenticate ssh users but that is the extent to which they > are willing to go. > > Can I somehow ask samba to forward all authentications to the server pam > configuration (without explicitly specifying the passdb backend) ? That > method will most likely work for us because the pam authentication mechanism > works perfectly. > > Thanks. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Authenticating against local PAM configuration
Hello I have a (OpenSuSE 11.2) linux server that uses our organization LDAP to authenticate users. ssh logins work fine. I have installed a samba server on this server machine and wish to use the same authentication mechanism for Samba clients. I do not have any access to the LDAP server (it runs on windows, I think) and it is against our organization's IT policy to allow saving the LDAP admin password on client machines. I have plenty of Howtos about integrating samba with Open LDAP, but they all require saving the admin password in smbpasswd. Not an option at all here. Our IT people installed some kind of a binary module on the linux machine to allow it to authenticate ssh users but that is the extent to which they are willing to go. Can I somehow ask samba to forward all authentications to the server pam configuration (without explicitly specifying the passdb backend) ? That method will most likely work for us because the pam authentication mechanism works perfectly. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba