On Thu, 2010-06-17 at 08:26 +0200, Roger Oberholtzer wrote:
On Wed, 2010-06-16 at 20:45 -0400, Adam Tauno Williams wrote:
On Wed, 2010-06-16 at 14:32 -0400, Cristian Rodríguez wrote:
El 16/06/10 03:15, Verner Kjærsgaard escribió:
In order to avoid double administration of usernames/passwords, I would very much like to query the individual users google account for authentication to login to the central openSUSE box. And, if possible, also grant access to the individual users SAMBA share (served to the poor windows only users). googlen on how to setup "pam_google" . A PAM module won't make Samba authentication work. What do you mean by 'samba authentication'?
Providing credentials to Samba for accessing a share/service.
Isn't that done by you for each user via smbpasswd?
Depending upon your configuration.
That is for accessing shares. It does not log you in to the machine to run commands. Are you doing something else with this? I use active directory to validate users. It is set up in samba. And there is a PAM module as part of it.
Samba does *not* use the PAM modules; the PAM modules uses Samba. The module allows the *system* to authenticate users [for shell access, etc..] via Samba. You do not authorize Samba access via the module.
Note that the same person who logs in via google and via some sort or samba would surely be considered two different users by the system. With different homes. Why do you have both methods?
Samba does not authorize users using PAM - it is *not possible*. To
authorize the connection from a Windows PC the server must support NTLM
[probably NTLMv2] authentication. PAM is for simple chat/expect
authentication. Even the PAM Kerberos modules supports
username/password authentication against a KDC - it does not support
"Kerberos authentication".
--
Adam Tauno Williams