Hello guys, I have my linux system configured to authenticate/authorize (windows XP and Vista) users for several services, like PPTP, SMTP and POP3, against a radius server (using PAM), and now I want to add support for samba authentication also. I was planning to do it by using one tdbsam backend (I can not have LDAP for several reasons, unfortunately) but I have some doubts: Is it possible to authenticate samba users directly against the radius server (is there a way to do it)? For tdbsam is there any solution to keep passwords sync with radius server? Tanks
Adam Tauno Williams
2007-Jun-12 11:10 UTC
[Samba] Samba Authentication against Radius server
> I have my linux system configured to authenticate/authorize (windows XP > and Vista) users for several services, like PPTP, SMTP and POP3, against > a radius server (using PAM), and now I want to add support for samba > authentication also. I was planning to do it by using one tdbsam backend > (I can not have LDAP for several reasons, unfortunately) but I have some > doubts: > Is it possible to authenticate samba users directly against the radius > server (is there a way to do it)?You can, but you basically have to break things to do it (enabling clear text passwords). You'd configure PAM to authenticate against RADIUS and configure Samba to use the traditional password database - but don't. Reconfigure your RADIUS server to authenticate users via Samba; not the other way around.> For tdbsam is there any solution to keep passwords sync with radius > server?There is a password sync feature in Samba. Updating Samba from RADIUS password changes would be another matter. But better to reconfigure your RADIUS server to use Samba for authentication, thus keeping one password database. -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org