From owner-freebsd-questions Wed Nov 7 5:51:23 2001 Delivered-To: freebsd-questions@freebsd.org Received: from marble.dublin.wbtsystems.com (marble.dublin.wbtsystems.com [193.120.231.8]) by hub.freebsd.org (Postfix) with ESMTP id E469237B418 for ; Wed, 7 Nov 2001 05:51:17 -0800 (PST) Received: from SUNYA (SUNYA.dublin.wbtsystems.com [193.120.231.190]) (authenticated) by marble.dublin.wbtsystems.com (8.11.6/8.11.6) with ESMTP id fA7DpCF31149; Wed, 7 Nov 2001 13:51:12 GMT From: "Barry Byrne" To: "Paul Jansen" , Subject: RE: pam_smb_auth for an XDM login? Date: Wed, 7 Nov 2001 13:51:11 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20011107132248.12164.qmail@web12908.mail.yahoo.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Paul: This is a solution that works quite well. You will need pam_smb. See http://www.csn.ul.ie/~airlied/pam_smb/ for more details. You need to make some changes to compile it on FreeBSD, as development is concentrated on Linux and Solaris. Hoever the current stable version 1.1.6 is available in the ports, which might be the easiest way to get it installed. Once installed, there you need a configuration file /etc/pam_smb.conf which lists your domain and domain server details. In addition, you modify /etc/pam.conf to specify which services should use which PAM modules. For example: ftpd auth sufficient pam_smb_auth.so ftpd auth sufficient pam_unix.so ftpd account required pam_unix.so Would allow FTP login using either SMB (Windows) or Unix authentication providing an account exists locally. You will need to have an account exist on the server for each user. This all works fine, providing you have only one NT domain, if you need authentication against multiple domains, you will need to use the development version of pam_smb. This is somewhat more difficult to compile and configure - but is possible. I use it on a FreeBSD 4.4 server to have apache authenticate against two NT domains, and it seems to work quite well despite some initial headaches in compiling the components. Cheers, Barry -- Barry Byrne, IT Manager, WBT Systems, Block 2, Harcourt Centre Harcourt Street, Dublin 2, Ireland Phone: +353 1 417 0150 Fax: +353 1 478 5544 Email: barry.byrne@wbtsystems.com Web: www.wbtsystems.com > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Paul Jansen > Sent: 07 November 2001 13:23 > To: questions@FreeBSD.ORG > Subject: pam_smb_auth for an XDM login? > > > Hi. > > OUr primary NOS at work is NT. I'd like ot be able to > enable users to log onto the diskless FreeBSD > configuration I've set up by using their regular NT > username and password. > Is this actually possible? If not is this something > that will be doable sometime in the near future? > If this is possible currently then how is the system > configured to allow this to occur? Do I need to still > create a user accoutn on the FreeBSD system, for each > individual user or is there some way to set this up > 'on the fly'. > I've done some mailing list searches but there's not > much traffic on pam_smb and the messages that I did > find were a little old. Is anyone out there using > this type of configuration anywhere? Care to share the > details? > > Thanks, > Paul > > > http://briefcase.yahoo.com.au - Yahoo! Briefcase > - Manage your files online. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message