
Re: Samba and PAM




Hey man,


It depends a bit on the solution you are going to use.

If you give a few more details...


A little while ago I had to integrate a Samba server with an AD domain. For that I used 
the trio Samba + OpenLDAP + PAM.

Using Samba + Winbind + PAM would also work.


Normally when Samba is installed via APT (at least on Debian) it already 
includes the packages needed for PAM support and integration.

You can find a very useful list at the link below:

http://www.zago.eti.br/A-menu-samba.html 


Taken from the Samba website:

Pluggable Authentication Modules - PAM

Pluggable Authentication Modules, also known as PAM, is a system for 
abstracting authentication and authorization technologies. With a PAM module 
it is possible to specify different authentication methods for different 
system applications without having to recompile these applications. PAM is 
also useful for implementing a particular policy for authorization. For 
example, a system administrator may only allow console logins from users 
stored in the local password file but only allow users resolved from a NIS 
database to log in over the network.

Winbind uses the authentication management and password management PAM 
interface to integrate Windows NT users into a UNIX system. This allows 
Windows NT users to log in to a UNIX machine and be authenticated against a 
suitable Primary Domain Controller. These users can also change their 
passwords and have this change take effect directly on the Primary Domain 
Controller.

PAM is configured by providing control files in the directory /etc/pam.d/ for 
each of the services that require authentication. When an authentication 
request is made by an application, the PAM code in the C library looks up 
this control file to determine what modules to load to do the authentication 
check and in what order. This interface makes adding a new authentication 
service for Winbind very easy. All that needs to be done is that the 
pam_winbind.so module is copied to /lib/security/ and the PAM control files 
for relevant services are updated to allow authentication via Winbind. See 
the PAM documentation in PAM-Based Distributed Authentication for more 
information.

User and Group ID Allocation

When a user or group is created under Windows NT/200x it is allocated a 
numerical relative identifier (RID). This is slightly different from UNIX 
which has a range of numbers that are used to identify users, and the same 
range in which to identify groups. It is Winbind's job to convert RIDs to 
UNIX ID numbers and vice versa. When Winbind is configured, it is given part 
of the UNIX user ID space and a part of the UNIX group ID space in which to 
store Windows NT users and groups. If a Windows NT user is resolved for the 
first time, it is allocated the next UNIX ID from the range. The same process 
applies for Windows NT groups. Over time, Winbind will have mapped all 
Windows NT users and groups to UNIX user IDs and group IDs.

The results of this mapping are stored persistently in an ID mapping database 
held in a tdb database. This ensures that RIDs are mapped to UNIX IDs in a 
consistent way.



Hope this helped; if you need anything, post here!!!

Cheers,

-- 
Guilherme Rocha
Systems and Services Analyst
Sul Soluções Informática Ltda.
http://www.sulsolucoes.com.br
+55-71-240-2026/240-3975



On Mon 02 May 2005 23:07, caio ferreira wrote:
> 	All
>
> 	Does anyone happen to have any text on the integration between Samba and
> PAM??! I found information on the Samba site itself, but a question came
> up: which PAM package should I install, would it happen to be libpam-smbpass
> ?!?!
>
> 	Thanks in advance for your attention.
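
As an added illustration of the control-file lookup described in the quoted Samba documentation (not part of the original message and not Samba's or PAM's own code), this Python code parses an /etc/pam.d/ service file and lists each stack in evaluation order, so you can confirm where pam_winbind.so sits. The sample file contents and the function names are constructed for this example.

```python
import re

# Constructed sample of an /etc/pam.d/ service file (assumption, not from the post).
SAMPLE = """\
# /etc/pam.d/example-service (constructed)
auth     sufficient                 pam_winbind.so
auth     [success=1 default=ignore] pam_unix.so nullok \\
                                    try_first_pass
-auth    optional                   pam_cap.so
account  sufficient                 pam_winbind.so
account  required                   pam_unix.so
password required                   pam_unix.so
@include common-session
"""

# [-]type  control-or-[bracketed control]  module  args...
LINE_RE = re.compile(r"^(-?)(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return the rules of one service file in the order PAM reads them."""
    text = re.sub(r"\\\n\s*", " ", text)   # join backslash-continued lines
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("@include"):      # Debian-style include of another file
            rules.append({"type": "include", "control": None,
                          "module": line.split()[1], "args": []})
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        _dash, mtype, control, module, args = m.groups()
        rules.append({"type": mtype, "control": control,
                      "module": module, "args": args.split()})
    return rules

def stack(rules, mtype):
    """(control, module) pairs of one management group, in evaluation order."""
    return [(r["control"], r["module"]) for r in rules if r["type"] == mtype]

def uses_winbind(rules, mtype):
    return any(r["module"].endswith("pam_winbind.so")
               for r in rules if r["type"] == mtype)

if __name__ == "__main__":
    parsed = parse_pam(SAMPLE)
    for group in ("auth", "account", "password"):
        print(group, stack(parsed, group), "winbind:", uses_winbind(parsed, group))
```

Point `parse_pam` at the text of a real service file (for example the contents of a file under /etc/pam.d/) to review the order before and after adding the Winbind module.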


