On 6 Jan 2006, at 12:32, brunogola wrote:

> I have a machine running linux, and I'm authenticating in a windows 2000 domain (Active directory) using
> samba, winbind and kerberos.

Hi there,

I've done some of this recently, and I don't think you need active directory, winbind AND kerberos. My understanding is that all three are separate mechanisms for authenticating *nix users against a Windows domain.

Active directory is MS's name for LDAP, so if you use that then your applications would be compiled using the LDAP USE flag & would treat the MS server as an LDAP server. I don't believe its schemas are terribly good for *nix users - I use Winbind, which uses PAM to appear part of the local authentication process and pass these on to the Windows DC.

> What I need to know is if there is a way of making some other machines
> authenticate in this machine, and this machine will ask the password for the windows 2000 domain (only for some
> users, and the user need to be in the /etc/passwd).

It would be helpful if you gave an example of which programs / services on which machines (A, B and C??) you need to be able to authenticate in this way.

> Let me explain: I have a user 'bob' that is not a user in
> the domain, but it has your username and password on my linux machine, so he can authenticate. I have a user bgola who has the username on the AD and on the linux machine, but the password isn't on the linux machine, only
> on the AD. He can authenticate too.
> Resuming: my linux machine will use the username database from its own but the password database from its own
> AND from the AD.

I believe that in this situation it would be unusual to give bgola a username on the Linux machine - he has one on the AD, so if you use Winbind then he doesn't need one on the Linux box. He can have a homedir, since he may need to store files on the Linux box, but that's not the same, I think, as having an account.

For instance on my Linux/Winbind machine on an AD:

        $ getent passwd | grep -e stroller -e ned
        stroller:x:1000:100::/home/stroller:/bin/bash
        ned:x:10012:10000:Some Geezer:/home/DOMAIN/ned:/bin/false
        $ grep -e stroller -e ned /etc/passwd
        stroller:x:1000:100::/home/stroller:/bin/bash
        $ ls -ld ~stroller ~ned
        drwxr-xr-x  3 ned domain users 160 Jan  6 06:32 /home/DOMAIN/ned
        drwxr-xr-x  5 stroller   users        272 Jan  6 03:58 /home/stroller

Both users can authenticate, depending on how the /etc/pam.d/the_authenticating_service is set up. I use pam_mkhomedir.so to create a home directory for any users authenticating via Winbind, but beware this only works for services which call PAM "session" directives.

I used this guide to set it all up: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2621482

Please CC me should you reply to the list with further questions,

Stroller.


--
gentoo-user@gentoo.org mailing list
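As an added illustration of the PAM arrangement Stroller describes (not a file from the thread or from the Samba HOWTO), this is what a per-service /etc/pam.d/ file looks like when local /etc/passwd users and Winbind-resolved domain users both authenticate, with pam_mkhomedir.so creating the home directory on first login. The service name "the_authenticating_service" is the placeholder used in the reply above; the skel path and umask are assumed values, and pam_unix.so is assumed to be the module handling the local accounts.

```pam
# /etc/pam.d/the_authenticating_service  (added example, not from the original post)
#
# auth: try the Windows DC through Winbind first; if the user is unknown to
# the domain (e.g. the local-only user 'bob'), fall back to the local shadow
# database, reusing the password already typed so the user is not prompted twice.
auth      sufficient  pam_winbind.so
auth      required    pam_unix.so try_first_pass

# account: accept either a domain account or a local account.
account   sufficient  pam_winbind.so
account   required    pam_unix.so

# session: create /home/DOMAIN/<user> (the template winbind hands out via NSS)
# on first login. This line only runs for services that open a PAM session;
# a service that calls only the auth/account stacks will never create the
# directory, which is the caveat raised in the reply above.
session   required    pam_mkhomedir.so skel=/etc/skel umask=0022
session   required    pam_unix.so
```

Because pam_winbind.so is "sufficient" in the auth stack, a domain user such as bgola never needs an entry in /etc/passwd: NSS (getent passwd) resolves the account through winbind, and PAM checks the password against the DC. A local user absent from the domain simply falls through to pam_unix.so.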
