Does anyone have any experience using PGina with Samba for a simple "single
sign on" approach using Windows clients? If so, I would love to know how
it
is working for you. I tried posting here a bit ago for a way to do this
("single sign on") with samba only, but I didn't get any responses
and
therefore looked into other opportunities.
Thanks.
Paul
On Tue, 2005-03-08 at 13:55 -0500, Paul Barnick wrote:> Does anyone have any experience using PGina with Samba for a simple "single > sign on" approach using Windows clients? If so, I would love to know how it > is working for you. I tried posting here a bit ago for a way to do this > ("single sign on") with samba only, but I didn't get any responses and > therefore looked into other opportunities.Why use PGina when you can just join the Samba domain? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050309/b2cfaa41/attachment.bin
Thanks for the reply. That is exactly what I'm trying to do - bypass the
Windows authentication. I guess if you're able to get Samba/LDAP working
and can't get Pgina to work, it might not be as easy as it seems (I'm
still
new to this and was impressed with myself when I got Samba working with a
pretty simple configuration file!). I just wished that Samba could bypass
the Windows authentication.
Paul
-----Original Message-----
From: Fiordilino, Rudy [mailto:RFiordilino@TALK.COM]
Sent: Tuesday, March 08, 2005 7:12 PM
To: Paul Barnick
Subject: RE: [Samba] PGina & Samba
Hey Paul,
We've been able to get Samba/LDAP working and are just now starting to play
with PGina in order to someday bypass Windows authentication completely and
use LDAP directly. I downloaded it a few weeks ago and wasn't able to login
to LDAP during the configuration of the plugin. Let me know if you get
something similar working.
Thanks,
Rudy Fiordilino
Talk America, inc.
www.talk.com
-----Original Message-----
From: Paul Barnick [mailto:p_barnick@sympatico.ca]
Sent: Tuesday, March 08, 2005 1:55 PM
To: samba@lists.samba.org
Subject: [Samba] PGina & Samba
Does anyone have any experience using PGina with Samba for a simple "single
sign on" approach using Windows clients? If so, I would love to know how
it
is working for you. I tried posting here a bit ago for a way to do this
("single sign on") with samba only, but I didn't get any responses
and
therefore looked into other opportunities.
Thanks.
Paul
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
I'm currently using pGina with LDAP for authentication.
For the purpose of bypassing Window's authentication.
It's been working very well.
The problem to overcome is the fact that LDAP authentication
is via "userPassword" field in ldap schema but Window's SMB/CIFS
uses
The sambaNTPassword samba field for authentication. Bummer.
I've worked around this issue via Linux scripts but
pGina may have a plugin that addresses this issue directly.
jay
-----Original Message-----
From: samba-bounces+jbk=paragonsys.com@lists.samba.org
[mailto:samba-bounces+jbk=paragonsys.com@lists.samba.org] On Behalf Of Paul
Barnick
Sent: Tuesday, March 08, 2005 7:39 PM
To: 'Fiordilino, Rudy'
Cc: samba@lists.samba.org
Subject: RE: [Samba] PGina & Samba
Thanks for the reply. That is exactly what I'm trying to do - bypass the
Windows authentication. I guess if you're able to get Samba/LDAP working
and can't get Pgina to work, it might not be as easy as it seems (I'm
still new to this and was impressed with myself when I got Samba working with a
pretty simple configuration file!). I just wished that Samba could bypass the
Windows authentication.
Paul
-----Original Message-----
From: Fiordilino, Rudy [mailto:RFiordilino@TALK.COM]
Sent: Tuesday, March 08, 2005 7:12 PM
To: Paul Barnick
Subject: RE: [Samba] PGina & Samba
Hey Paul,
We've been able to get Samba/LDAP working and are just now starting to play
with PGina in order to someday bypass Windows authentication completely and use
LDAP directly. I downloaded it a few weeks ago and wasn't able to login to
LDAP during the configuration of the plugin. Let me know if you get something
similar working.
Thanks,
Rudy Fiordilino
Talk America, inc.
www.talk.com
-----Original Message-----
From: Paul Barnick [mailto:p_barnick@sympatico.ca]
Sent: Tuesday, March 08, 2005 1:55 PM
To: samba@lists.samba.org
Subject: [Samba] PGina & Samba
Does anyone have any experience using PGina with Samba for a simple "single
sign on" approach using Windows clients? If so, I would love to know how
it is working for you. I tried posting here a bit ago for a way to do this
("single sign on") with samba only, but I didn't get any responses
and therefore looked into other opportunities.
Thanks.
Paul
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
>Why use PGina when you can just join the Samba domain?Passwords. Even if you only use pGina to trap password changes, you get a chance at the plain-text password without having some other funky interface, just the standard ctrl+alt+del chage password. pGina allows chaining of ginas (which is actually what is supposed to happen, but most gina authors implement this incorrectly), so you can still use windows auth if you want. Anyway, Paul, have you tried the pgina site? Nate is usually very helpful. ---------------------------- Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA jmcd at us dot ibm dot com jmcd at samba dot org Phone: 1-877-228-1846 IBM tie-line: 349-5335
On Wed, 2005-03-09 at 07:36 -0500, Paul Barnick wrote:> Jim: > > I have looked at the site. At first I was concerned about the security of > using PGina instead of a regular Windows logon, but I posted on the forum > and received some good responses there that convinced me that it is at least > as secure as windows logon. Now comes the implementation! Unfortunately, I > can only do it on the weekend as I think it will take some time for me to > get it to work and we cannot have the network down while I'm trying to get > it to work. >You should look into getting a copy of VMWare Workstation. You can setup a complete network of VM machines to do your testing and not touch the production network at all. I have VM Workstation for Linux running on my Laptop and routinely run 4 to 5 VM's all at once. I just bought a Dell PowerEdge 700 server with 4GB of RAM to run VMWare and it is going to replace the 4 computers currently residing in my office. Check it out.
On Wed, 2005-03-09 at 21:37 -0500, Paul Barnick wrote:> Chuck: > > You're the second person to suggest vmware workstation to me. It is a > little expensive for me but I'll look into it (it might be worth it if it > saves me time in the long run - that's how I'll get my boss to look at it!).Not only will it save you time, it will save him a lot on money. $199 for VMware and $200-300 (or less if you already have 1GB) for 2GB of memory for your computer is significantly less than buying 3 or 4 machines for you to use for testing. With 2GB of memory and a reasonably fast processor you can run 4 Virtual Machines simultaneously and still use the Host. If you have a laptop and can get him to spring for the memory for it you can take it home to work on projects. If you are like me, there never is any time to do testing while I'm at the office anyway, so, I get most of my testing and evaluation done at home.> Does it allow you to use the Linux portion of your computer to act as a DHCP > server and assign different IP addresses to the different windows > workstations, all on the same computer? That sounds a little hard to > believe for me, but I would think that it would be necessary in order to do > some testing.VMWare includes it own DHCP server. Also there are three different ways of setting up Networking with VMWare so you have a lot of options.