On 6 Jan 2006, at 16:24, brunogola wrote:
>
> My notebook running linux is already authenticating against the
> win. domain (AD). I've done this using samba,
> kerberos5 and winbind (pam modules etc), that's working perfectly :-)
>
> Now, what I need: my desktop (that is another linux machine)
> authenticating against my notebook, using samba,
> but the problem is that samba is already configured @ the notebook
> as an AD Domain member :S.
> ...
> Well, the principal service is a VMWare GSX Server running on my
> notebook, I need to be able to authenticate
> (using the vmware-console) from any machine in my network (windows
> or linux). I think the vmware thing is the
> less important part, cause it should be easy editing
> pam.d/vmware-authd after everything is configured.
> ...
> I want to have bgola on the linux machine for a control purpose,
> or, only authenticate if the user exists on
> the machine. This is already working for console/ssh/etc on the
> Notebook.

I'm afraid I'm not sure how much I can help here - it's not something
I'd do because philosophically I disagree with your approach. That's
not to say it's not right _for you_ but I wouldn't have a user in two
places (on the Linux box & the AD). You even have the possibility
with this approach, I think, to separate users & passwords
(for a single auth) between the two boxes. Will VMWare GSX use the ~
for the user on the Linux box or for the user on the AD to store its
files?

Personally, I'd have the user exist on the domain or possibly on the
Linux box, but not on both.

Since you say that VMWare GSX Server (which I'm not familiar with)
uses PAM it should be possible to get this to authenticate users on
either the AD or /etc/passwd OR BOTH. It should be possible to use
some other mechanism - possibly group memberships - to restrict
VMWare GSX Server log-in rights to or from certain users. Dovecot
IMAP, for instance, has a "deny passdb" and also a valid userID
range. I would personally consider this kind of approach more elegant.

I'm not trying to be snobby saying "I wouldn't do it this way", just
sorry I can't help. Good luck with it.

Stroller.

--
gentoo-user@g.o mailing list
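
The PAM approach suggested in the reply, sketched as an added example (not part of the original message, and not VMware's or Samba's shipped configuration): a stack for the pam.d/vmware-authd file named in the question that accepts either a local /etc/passwd account or an AD account via winbind, and gates both on group membership. The group name `vmusers` is hypothetical, and winbind is assumed to be working through NSS already, as the original poster describes.

```conf
# /etc/pam.d/vmware-authd  (constructed example, not a shipped file)

# Gate first: reject anyone who is not a member of the group "vmusers"
# (hypothetical name). requisite stops the stack immediately on failure,
# so no password check is attempted for users outside the group.
auth     requisite   pam_succeed_if.so user ingroup vmusers quiet

# Accept a password that matches a local /etc/passwd + shadow account...
auth     sufficient  pam_unix.so
# ...or, failing that, try the same password against the AD via winbind.
auth     sufficient  pam_winbind.so use_first_pass
# Neither backend accepted the credentials: fail closed.
auth     required    pam_deny.so

# Account phase: domain accounts are validated by winbind, local accounts
# fall through to pam_unix (expiry, locked account).
account  sufficient  pam_winbind.so
account  required    pam_unix.so
```

With this stack, a name that resolves both locally and in the domain can log in with either password, which is the duplication the reply argues against; keeping each user in only one backend avoids it.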