Samba authentication

Matheus_Soares · January 11, 2006, 6:55pm

Hi,

anyone knows if there is a way that makes Wildfire users authenticante in a Samba Server (working as a PDC)?

Thanks in advance

Renato · January 11, 2006, 9:34pm

I too am running a Samba server as a PDC along with openldap. My users are authenticating by going against the LDAP server.

Here is an example of my wildfire.xml file.

Hope this helps.

Renato

jerm · January 12, 2006, 8:37pm

depends on where you’'re running your server.

If you run wildfire in a windows box you can use NativeAuth to authenticate against the domain, this works great for me.

I’‘m not sure how to get the functionality through linux. I’'d rather run under linux/bsd, so if you discover a method that way, please let me know

since this is scarcely documented elsewhere:

you need to add the proper nativeauth module to the lib/ directory from resources/nativeauth/

then add this section to your wildfire.xml file

/code

make sure you have an “admin” account in yuor domain or you won’‘t be able to login to the admin interface, you’'ll need to use the domain password for admin

Matheus_Soares · January 13, 2006, 6:44pm

Hi jerm!

Your tip was very helpfull!! I don’'t have time now to setup a LDAP server.

I discover that wildfire uses PAM authentication in a linux box.

The setup was very easy and now I have my users authenticanting with they domain passwords (synchronized with samba).

Thanks!!

jerm · January 16, 2006, 6:45pm

glad i could help!

so, you want to share your setup to get wildfire authing through pam onto damba for the rest of us?

jerm

Matheus_Soares · January 16, 2006, 7:21pm

/code

shaj[/b] is the file that I’'ve created in /etc/pam.d with the content:

auth required pam_stack.so service=system-auth

To log in the Admin Console I’'ve created the ‘‘admin’’ account on my linux box.

Any questions let me know.

Hugs

jerm · January 16, 2006, 7:34pm

so you just have samba update linux passwords when changed?

that is… wondering where samba ties in to your method

thanks

jerm

Matheus_Soares · January 16, 2006, 7:49pm

Yes, samba passwords synchronize linux passwords.

Before this implementation I already had this synchronism because of CVS authentication.

Hugs

jerm · January 16, 2006, 7:52pm

gotcha. are you aware of any methof for having pam actually authenticate to samba? I don’'t want my passwords to sync to linux as my user should not be logging into that box (i know there are other methods for that, but still)

Matheus_Soares · January 17, 2006, 10:20am

I don’'t know any methods to do that but I think that is easier to find an method to do samba users authenticate through PAM.

But this is a discussion that extrapolates the focus of this forum.

Hugs!

jerm · January 17, 2006, 2:29pm

true, i was just checking… thanks

not much of a pam guy

jerm

gabe_krupa · January 26, 2006, 10:51pm

Hi,

The NativeAuth pointer is just what I needed – thanks.

I also want to restrict who in the domain can use the server – so only those with permission can login.

Is there a way to have NativeAuth try and get access to some secured object on the PDC or otherwise force a check above/beyond basic password check? I’‘m not a big Win32 guru, so I don’'t know how ActiveDirectory stuff like this works.

For now, we only want the IT/Ops folks on it, until we’'ve worked out the kinks and “go live” with the new support system.

Eventually, I’‘d like to restrict certain rooms, or admin access, to certain folks – again all based on a non-Wildfire mechanism so we don’'t have to maintain N sets of permissions.

Cheers,

Gabe