samba - Feb 2002 - pam module for ldap/ADS for Solaris 2.8 to communicate with Windows 2000 ADS

Hello,

In the third party software that we bought, which runs on Solaris 2.8 Server,
we use the pam_smb version 1.9.8 to authenticate our users against the NT
Domain. Now,  our company is migrating from NT Domain to Windows 2000 ADS
Domain in native mode.   I saw the documention on SAMBA 3.0 (alpha 1-15), and
it states that SAMBA 3.0 is compatible with ldap/ADS of Windows 2000.   Have
you created a pam module, the counterpart of pam_smb, for
Windows 2000 ADS/ldap ?  If so, where can I find the pam for ldap/ADS ?
Thanks.

Regards,
Thaung Nyein
Thaung.Nyein@abbott.com

Thaung.Nyein@abbott.com wrote:
> 
> Hello,
> 
> In the third party software that we bought, which runs on Solaris 2.8
Server,
> we use the pam_smb version 1.9.8 to authenticate our users against the NT
> Domain. Now,  our company is migrating from NT Domain to Windows 2000 ADS
> Domain in native mode.   I saw the documention on SAMBA 3.0 (alpha 1-15),
and
> it states that SAMBA 3.0 is compatible with ldap/ADS of Windows 2000.  
Have
> you created a pam module, the counterpart of pam_smb, for
> Windows 2000 ADS/ldap ?  If so, where can I find the pam for ldap/ADS ?
> Thanks.
pam_smb will still work - but that module is as ugly as all heck!  If
you want a real pam moudule for NT/Win2k domain intergration, use the
pam_winbind included in HEAD (and 2.2 - but the head version is better).

BTW, 'native mode' actually doesn't change that much, its the
restirctions on top of that that start getting interesting...

If you are really native (no NTLM whatsoever) then pam_krb5 might do
somthing for you, but I've never used it with Win2k.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net