Hi there,

I am trying to come up with a solution to the current Samba authentication woes on the gateway server for our distributed file system. We currently use the smbpasswd file on the gateway server for authentication, which is not a secure way and requires each user to be specifically added in.

I do not have much experience with Samba, so I am still learning quite a bit as I jump from documentation to documentation and look at the relevant source code. My hope is that there is a way around ADS membership for the gateway server. Our gateway server is diskless and, as I understand it, it would require the ADS administrator password every time it reboots.

I would like to delegate the authentication to the metadata server, which can already do the authentication locally, or with ADS. It currently uses ntlm_auth in ntlm-server-1 mode and passes in username/password when accessing the filesystem from a regular client running our file system driver.

If I can get the encrypted password to the metadata server, is there a way to use ntlm_auth to play the challenge/response game for authentication? It seemed possible from a few posts on the list, but I was unable to find documentation other than the manpage. Using mode = server and the Samba server running on the metadata server as the password server could be another option, but details there are very hazy for me.

Thanks,
-m.
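What the ntlm-server-1 helper protocol actually exchanges, as an added example that is not part of the post and not Samba's own code: the gateway never needs the user's password, only the 8-byte challenge it issued and the NT response the client sent back, which it hands to a local `ntlm_auth --helper-protocol=ntlm-server-1`. Field names follow ntlm_auth(1); the user name, domain and byte values used in the test are constructed, and `check_ntlm` assumes `ntlm_auth` is on the PATH.

```python
import subprocess

# Each ntlm-server-1 request is a set of "Key: value" lines ended by a lone ".";
# the helper answers with "Authenticated: Yes/No" plus optional key/error lines.
def build_request(username: str, domain: str, challenge: bytes,
                  nt_response: bytes, lm_response: bytes = b"",
                  want_session_key: bool = True) -> str:
    """Encode one challenge/response check for ntlm_auth --helper-protocol=ntlm-server-1."""
    if len(challenge) != 8:
        raise ValueError("LANMAN-Challenge must be the 8-byte server challenge")
    if len(nt_response) < 24:
        raise ValueError("NT-Response is 24 bytes for NTLMv1 and longer for NTLMv2")
    lines = [
        f"Username: {username}",
        f"NT-Domain: {domain}",
        f"LANMAN-Challenge: {challenge.hex()}",   # binary fields are sent as hex
        f"NT-Response: {nt_response.hex()}",
    ]
    if lm_response:
        lines.append(f"LANMAN-Response: {lm_response.hex()}")
    if want_session_key:
        # Ask for the session key so SMB signing/sealing can be set up after auth.
        lines.append("Request-User-Session-Key: Yes")
    lines.append(".")
    return "\n".join(lines) + "\n"


def parse_response(text: str) -> dict:
    """Collect the helper's 'Key: value' reply lines up to the terminating '.' line."""
    fields = {}
    for line in text.splitlines():
        if line.strip() == ".":
            break
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def check_ntlm(username: str, domain: str, challenge: bytes,
               nt_response: bytes, helper: str = "ntlm_auth") -> dict:
    """Run one check through a local ntlm_auth (assumed on PATH); returns the parsed reply
    with an added boolean 'ok'. Only challenge and response are sent, never a password."""
    proc = subprocess.run([helper, "--helper-protocol=ntlm-server-1"],
                          input=build_request(username, domain, challenge, nt_response),
                          capture_output=True, text=True, check=False)
    fields = parse_response(proc.stdout)
    fields["ok"] = fields.get("Authenticated") == "Yes"
    return fields
```

On failure the helper reports `Authenticated: No` together with an `Authentication-Error` line, which `check_ntlm` passes through so the gateway can log the NT status rather than just "denied".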
On Wed, Mar 03, 2010 at 10:59:43AM -0800, mogambo wrote:
> Hi there,
>
> I am trying to come up with a solution to the current Samba authentication
> woes on the gateway server for our distributed file system. We currently
> use smbpasswd file on the gateway server for authentication, which is not a
> secure way and requires each user to be specifically added in.

Speaking of authentication ... if using the tdbsam backend (or the smbpasswd backend, for that matter), is there any way to FORCE resolution of a username to a specific numeric Unix UID?

--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.