Web lists-archives.com

Re: [Samba] Custom Authentication Plugin (passdb backend)




On Sat, 2017-03-25 at 19:30 -0700, Nick Coons via samba wrote:
> I'm looking to create a "passdb backend" plugin so that Samba can 
> authenticate with our existing custom authentication system.  Though
> I 
> haven't been able to locate any documentation on this, I believe
> it's 
> possible (without modifying Samba proper) for the following reasons:
> 
> - This project exists (though isn't being maintained and doesn't work
>    with the current version):
>    https://sourceforge.net/projects/pdbsql
> 
> - When I set "passdb backend = foo" in smb.conf, my Samba logs show
> the
>    following error:
>    "No builtin nor plugin backend for foo found"
>    Which indicates to me that it's at least looking for a plugin that
> it
>    can use.
> 
> I understand that it's more than just authentication.  It's also a 
> variety of other pieces of data that I'll need to store and be able
> to 
> return.
> 
> I'm wondering if documentation exists that can lead me in the right 
> direction for how to get started on creating this.

Can you describe a little more your current custom authentication
system and the capabilities it has?

While we have built a pluggable auth and passdb system, creating and
deploying custom backends has turned out to be much harder to execute
in practice than originally expected. 

In particular, the auth subsystem only covers NTLM authentication, but
not password chagnes nor machine account authentication (netlogon
ServerAuthenticateX), and passdb has so many arms and lets it is quite
difficult to implement (but more practical).

Both require that you have access to the NT hash of the user's password
(MD4(utf16_le(password)).  

If access to that is available, it may be more practical to present
your existing DB in something that looks like our normal LDAP tree.

Anyway, if you can discuss what you have and need we can see how we can
help solve your problems.

Thanks,

Andrew Bartlett

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba