NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PAM Discussion> 2000-12

Subject: Re: PAM_SMB through Apache
From: Mathew Johnston (johnstonmegaepic.com)
Date: Wed Dec 06 2000 - 17:47:46 CST

Next message: marin: "RE: PAM_SMB through Apache"
Previous message: Erica Douglass: "Re: PAM_SMB through Apache"
In reply to: Erica Douglass: "Re: PAM_SMB through Apache"
Next in thread: marin: "RE: PAM_SMB through Apache"
Next in thread: marin: "RE: PAM_SMB through Apache"
Next in thread: marin: "RE: PAM_SMB through Apache"
Reply: Mathew Johnston: "Re: PAM_SMB through Apache"
Reply: marin: "RE: PAM_SMB through Apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I recall a module which adds usernames when they log in, and can create home
directories (I THINK, but I'm not sure). Check out the pam docs to see a list
of modules.

Thus, autheticate against the domain, and if that succeeds, add a user locally
automatically (you could even make a script that would do this) and thus lets
them log in.

Mathew Johnston

PS. I've never done this, so I may not know what I'm talking about :)

Erica Douglass wrote:

> At 04:28 PM 12/1/2000 +1000, you wrote:
> >At 06:45 PM 11/30/00 -0800, you wrote:
> > >I cannot get PAM authentication through an NT server working with Apache.
> > >
> > >My configuration: Cobalt RaQ4 (Redhat; Intel processor)
> > >
> > >Installed: Apache PAM module
> > >PAM_SMB
> > >
> > >The PAM module for Apache works fine. I have tested with the default
> > >configurations and it runs smoothly. However, PAM_SMB does not work. The
> > >reason it gives is: "User account has expired"
> >
> >Is it possible that the user's account has expired under NT?
>
> > Ummm, you only need pamsmbd if you are doing username mapping. Are you?
>
> It turns out that the underlying problem is that PAM_SMB has to map the NT
> username to a local username. It seems that the module has no support for
> wildcards, and I don't want to create an unmanageable list of all the
> domain users. (The list would have to be updated every time someone was
> added or deleted from the domain.)
>
> As far as I can tell, there are two choices:
>
> -- Hack the module to support wildcards (e.g. ALL NT users -> "default" or
> "anonymous" locally)
> -- Create ~400 local users, or create the aforementioned list.
>
> Neither choice sounds like a clean solution. Any suggestions?
>
> Erica
>
> _______________________________________________
> Pam-list mailing list
> Pam-listredhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list

Next message: marin: "RE: PAM_SMB through Apache"
Previous message: Erica Douglass: "Re: PAM_SMB through Apache"
In reply to: Erica Douglass: "Re: PAM_SMB through Apache"
Next in thread: marin: "RE: PAM_SMB through Apache"
Next in thread: marin: "RE: PAM_SMB through Apache"
Next in thread: marin: "RE: PAM_SMB through Apache"
Reply: Mathew Johnston: "Re: PAM_SMB through Apache"
Reply: marin: "RE: PAM_SMB through Apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]