Thanks. Turns out that I was able to do what I needed to do with Apache::AuthenSmb. I had been confused and thought that because we have a PDC on our network, the local copy of samba could not also work as a controller. Looks like it could. Andrew Koebrick Web Coordinator / Librarian Dept. of Administration State of Minnesota 658 Cedar St. St. Paul, MN 55155 651-296-4156 http://server.admin.state.mn.us -----Original Message----- From: Ciprian Vizitiu [mailto:cvizitiu@xxxxxxxx] Sent: Tuesday, November 02, 2004 3:44 AM To: Pluggable Authentication Modules Subject: Re: web authentication against /etc/samba/smbpasswd ? Andrew Koebrick wrote: > Greetings, > > > > I have read through the PAM documentation but am still a bit vague as > to the feasibility of what I wish to do: > > > > Can I authenticate web users against the /etc/samba/smbpasswd file? > > > > If anyone has succeeded in this, I would be grateful for pointers to > any documentation on how it is done. > Don't know why would you want to do this but the main idea is to use winbindd. It's a daemon (that is you have to start it from services) and it will serve as auth mechanism, it will "ask" samba. Now if you've configured samba to use smbpasswd the net result will be that you'll authenticate against smbpasswd. Use authconfig to configure authentication as SMB, it's the second screen. Otherwise you'll have to tweak the services files in etc/pam.d here's an example of a IMAP server doing auth against samba via pam_winbind auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account required /lib/security/pam_winbind.so Of course you'll need some tweaks in smb.conf for winbind to work. man winbindd _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
