On Thu, 2010-06-17 at 05:53 -0400, Adam Tauno Williams wrote:
I use active directory to validate users. It is set up in samba. And there is a PAM module as part of it.
Samba does *not* use the PAM modules; the PAM modules uses Samba. The module allows the *system* to authenticate users [for shell access, etc..] via Samba. You do not authorize Samba access via the module.
I did not say who used whom. Just that there were two parts to the puzzle: samba and a pam module. It is of course exactly as you described it.
Note that the same person who logs in via google and via some sort or samba would surely be considered two different users by the system. With different homes. Why do you have both methods?
Samba does not authorize users using PAM - it is *not possible*. To authorize the connection from a Windows PC the server must support NTLM [probably NTLMv2] authentication. PAM is for simple chat/expect authentication. Even the PAM Kerberos modules supports username/password authentication against a KDC - it does not support "Kerberos authentication".
No issue. I guess I am confused why samba user configuration and google authentication for login are discussed together in the original post. Perhaps google authentication is not wanted for login, and is only wished by the OP to be used by samba to authenticate access to shares. If so, that is different than how I interpreted the original post. -- Roger Oberholtzer OPQ Systems / Ramböll RST Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org