On Thu, 2010-06-17 at 09:06 +0200, Verner Kjærsgaard wrote:
Roger Oberholtzer skrev:
On Wed, 2010-06-16 at 14:32 -0400, Cristian Rodríguez wrote:
El 16/06/10 03:15, Verner Kjærsgaard escribió:
In order to avoid double administration of usernames/passwords, I would very much like to query the individual users google account for authentication to login to the central openSUSE box. And, if possible, also grant access to the individual users SAMBA share (served to the poor windows only users). googlen on how to setup "pam_google" . A PAM module won't make Samba authentication work. What do you mean by 'samba authentication'? Isn't that done by you for each user via smbpasswd? That is for accessing shares. It does not log you in to the machine to run commands. Are you doing something else with
On Wed, 2010-06-16 at 20:45 -0400, Adam Tauno Williams wrote: this? I use active directory to validate users. It is set up in samba. And there is a PAM module as part of it. Note that the same person who logs in via google and via some sort or samba would surely be considered two different users by the system. With different homes. By SAMBA authentication I simply mean supply a username/pw and gain access to your share - which usually would be something like /home/peter/. Made accessible to windows users by means of a standard share in smb.conf. I cannot have and do not have a Windows AD controller. The only thing I'd like to have was some sort of automtics taking the burden of keeping dual account up-todate. But I don't (at first) see the problem with users homes. The path to the users home is given in /etc/passwd. Which then consults shadow or whatever for pw authentication?
False. Samba does not use /etc/passwd;/etc/shadow for authentication.
It retrieves the home directory of a user from /etc/passwd via NSS, but
it does not use the password crypts from those files [at least no unless
you've gone around and hacked the registry of every windows PC, as they
will wisely refuse by default to use the insecure authentication
mechanism that permits CIFS authentication via PAM].
--
Adam Tauno Williams