Re: [Samba] samba authentication via pam_pwdfile

2009-09-29 Thread Adam Tauno Williams
On Mon, 2009-09-28 at 18:37 -0400, Charles Yost wrote:
 I'm attempting to setup samba authentication via PAM and more  
 specifically the pam_pwdfile module. So far I have had trouble  
 determining the right mix of global settings to get this to work. I  
 have read through many tutorials online, but so far I have not found  
 good documentation on how to achieve this.

Because it doesn't work;  at least not without hacking every Windows
client.  [Does that even still work anymore?  I don't know,  it really
is not a reasonable/maintainable thing to do].

You need to either setup an LDAP DSA and use that for authentication and
have Samba use that too (as a DC).  Or setup Samba as a NT4 PDC and use
that for authentication.  PAM is, practically speaking, a lost cause for
Windows clients - for technical/implementation reasons it can't work
well.

-- 
OpenGroupware developer: awill...@whitemice.org
http://whitemiceconsulting.blogspot.com/
OpenGroupare  Cyrus IMAPd documenation @
http://docs.opengroupware.org/Members/whitemice/wmogag/file_view


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba authentication via pam_pwdfile

2009-09-29 Thread Charles Yost

On Sep 29, 2009, at 6:47 AM, Adam Tauno Williams wrote:


Because it doesn't work;  at least not without hacking every Windows
client.  [Does that even still work anymore?  I don't know,  it really
is not a reasonable/maintainable thing to do].

You need to either setup an LDAP DSA and use that for authentication  
and
have Samba use that too (as a DC).  Or setup Samba as a NT4 PDC and  
use
that for authentication.  PAM is, practically speaking, a lost cause  
for

Windows clients - for technical/implementation reasons it can't work
well.


I apologize, I suppose I left some details out. I am not trying to  
setup a domain, or even share printers. All that I am looking to  
accomplish with my samba implementation is sharing a couple of  
directories on the server to a few independent windows machines. I  
don't need users to authenticate across a domain, just to be able to  
have access to the shares based on username restrictions. I can get  
this working just fine using the smbpasswd file, but I am trying to  
unify the passwords used for several services. I am sure it can be  
done because there is a whole chapter in the samba documentation on  
using PAM with winbind on a samba machine when you need to  
authenticate to an existing domain.

=Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] samba authentication via pam_pwdfile

2009-09-28 Thread Charles Yost
I'm attempting to setup samba authentication via PAM and more  
specifically the pam_pwdfile module. So far I have had trouble  
determining the right mix of global settings to get this to work. I  
have read through many tutorials online, but so far I have not found  
good documentation on how to achieve this. What I am really attempting  
to do is unify the credentials for access to the server though ftp,  
apache, and samba. I _do not_ want to link the linux shell credentials  
to this for various reasons including security. Any helpful  
suggestions would be appreciated.

=Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba