powered by Jive Software

Samba authentication


anyone knows if there is a way that makes Wildfire users authenticante in a Samba Server (working as a PDC)?

Thanks in advance

I too am running a Samba server as a PDC along with openldap. My users are authenticating by going against the LDAP server.

Here is an example of my wildfire.xml file.

Hope this helps.


depends on where you’'re running your server.

If you run wildfire in a windows box you can use NativeAuth to authenticate against the domain, this works great for me.

I’‘m not sure how to get the functionality through linux. I’'d rather run under linux/bsd, so if you discover a method that way, please let me know

since this is scarcely documented elsewhere:

you need to add the proper nativeauth module to the lib/ directory from resources/nativeauth/

then add this section to your wildfire.xml file


make sure you have an “admin” account in yuor domain or you won’‘t be able to login to the admin interface, you’'ll need to use the domain password for admin

Hi jerm!

Your tip was very helpfull!! I don’'t have time now to setup a LDAP server.

I discover that wildfire uses PAM authentication in a linux box.

The setup was very easy and now I have my users authenticanting with they domain passwords (synchronized with samba).


glad i could help!

so, you want to share your setup to get wildfire authing through pam onto damba for the rest of us?



shaj[/b] is the file that I’'ve created in /etc/pam.d with the content:

auth required pam_stack.so service=system-auth

To log in the Admin Console I’'ve created the ‘‘admin’’ account on my linux box.

Any questions let me know.


so you just have samba update linux passwords when changed?

that is… wondering where samba ties in to your method



Yes, samba passwords synchronize linux passwords.

Before this implementation I already had this synchronism because of CVS authentication.


gotcha. are you aware of any methof for having pam actually authenticate to samba? I don’'t want my passwords to sync to linux as my user should not be logging into that box (i know there are other methods for that, but still)

I don’'t know any methods to do that but I think that is easier to find an method to do samba users authenticate through PAM.

But this is a discussion that extrapolates the focus of this forum.


true, i was just checking… thanks

not much of a pam guy



The NativeAuth pointer is just what I needed – thanks.

I also want to restrict who in the domain can use the server – so only those with permission can login.

Is there a way to have NativeAuth try and get access to some secured object on the PDC or otherwise force a check above/beyond basic password check? I’‘m not a big Win32 guru, so I don’'t know how ActiveDirectory stuff like this works.

For now, we only want the IT/Ops folks on it, until we’'ve worked out the kinks and “go live” with the new support system.

Eventually, I’‘d like to restrict certain rooms, or admin access, to certain folks – again all based on a non-Wildfire mechanism so we don’'t have to maintain N sets of permissions.