Mailinglist Archive: opensuse (933 mails)

[Roger Oberholtzer <roger@xxxxxx>]

On Thu, 2010-06-17 at 05:53 -0400, Adam Tauno Williams wrote:

> > I use active directory to validate users. It is set up in samba. And
> > there is a PAM module as part of it.
>
> Samba does *not* use the PAM modules;  the PAM modules uses Samba.  The
> module allows the *system* to authenticate users [for shell access,
> etc..] via Samba.  You do not authorize Samba access via the module.

I did not say who used whom. Just that there were two parts to the
puzzle: samba and a pam module. It is of course exactly as you described
it.

> > Note that the same person who logs in via google and via some sort or
> > samba would surely be considered two different users by the system. With
> > different homes. Why do you have both methods?
>
> Samba does not authorize users using PAM - it is *not possible*.  To
> authorize the connection from a Windows PC the server must support NTLM
> [probably NTLMv2] authentication.  PAM is for simple chat/expect
> authentication.  Even the PAM Kerberos modules supports
> username/password authentication against a KDC - it does not support
> "Kerberos authentication".

No issue. I guess I am confused why samba user configuration and google
authentication for login are discussed together in the original post.
Perhaps google authentication is not wanted for login, and is only
wished by the OP to be used by samba to authenticate access to shares.
If so, that is different than how I interpreted the original post.

-- 
Roger Oberholtzer

OPQ Systems / Ramböll RST

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696

-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx