--FxlYARId5dseejUu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Jul 25, 2002 at 03:39:29PM -0500, Mike Renfro wrote: > On Thu, Jul 25, 2002 at 02:51:24PM -0500, Steve Langasek wrote: > > On Thu, Jul 25, 2002 at 04:20:57PM -0400, Subba Gaddamadugu wrote: > > > can pam_smb be used for NTLM authentication? > > For passing authentication through to a Windows domain, you should use > > pam_winbind instead. pam_smb is no longer maintained. > Is there any way with pam_winbind to keep UIDs in sync across multiple > machines? At one time, we had looked at using winbind for > authenticating our Linux and Solaris hosts to our PDC, but the UID > mismatching among machines was a major stumbling block. We replaced it > with a combination of pam_smb and synchronizing local /etc/passwd > files among the hosts. > Is there a simple way to have one machine (the file server would be a > primary candidate) handle winbind, and then offer UIDs to the other > hosts via ldap or some other network method, in effect chaining the > authentication process? Not really, because there's no good way to inject the information from winbind into LDAP. However, if you had a Samba domain controller, you could have all of your SID->UID mappings made available via LDAP, and share these out to all Unix machines equally. Steve Langasek postmodern programmer --FxlYARId5dseejUu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9QGaAKN6ufymYLloRAjKwAJ98+oSj2NKWmFgZqAxdEjoYhjGs0gCfXHL2 U0xBOwIMOtIslxvmV4mXBe8= =9Y8K -----END PGP SIGNATURE----- --FxlYARId5dseejUu--
