| 1 |
On 6 Jan 2006, at 16:24, brunogola wrote: |
| 2 |
> |
| 3 |
> My notebook running linux is already authenticating against the |
| 4 |
> win. domain (AD). I've done this using samba, |
| 5 |
> kerberos5 and winbind (pam modules etc), thats woring perfectly :-) |
| 6 |
> |
| 7 |
> Now, what i need : my desktop (that is another linux machine) |
| 8 |
> authenticanting against my notebook, using samba, |
| 9 |
> but the problem is that samba is already configured @ the notebook |
| 10 |
> as a AD Domain member :S. |
| 11 |
> ... |
| 12 |
> Well, the principal service is a VMWare GSX Server running on my |
| 13 |
> notebook, i need to be able to authenticate |
| 14 |
> (using the vmware-console) from any machine in my network (windows |
| 15 |
> or linux). I think the vmware thing is the |
| 16 |
> less important part, cause it should be easy editing pam.d/vmware- |
| 17 |
> authd after everthing is configured. |
| 18 |
> ... |
| 19 |
> I want to have bgola on the linux machine for a control propose, |
| 20 |
> or, only authenticate if the user exists on |
| 21 |
> the machine. This is already working for console/ssh/etc on the |
| 22 |
> Notebook. |
| 23 |
|
| 24 |
I'm afraid I'm not sure how much I can help here - it's not something |
| 25 |
I'd do because philosophically I disagree with your approach. That's |
| 26 |
not to say it's not right _for you_ but I wouldn't have a user in two |
| 27 |
places (on the Linux box & the AD). You even have the possibility |
| 28 |
with this approach, I think to separate separate users & passwords |
| 29 |
(for a single auth) between the two boxes. Will VMWare GSX use the ~ |
| 30 |
for the user on the Linux box or for the user on the AD to store its |
| 31 |
files? |
| 32 |
|
| 33 |
Personally, I'd have the user exist on the domain or possibly on the |
| 34 |
Linux box, but not on both. |
| 35 |
|
| 36 |
Since you say that VMWare GSX Server (which I'm not familiar with) |
| 37 |
uses PAM it should be possible to get this to authenticate users on |
| 38 |
either the AD or /etc/passwd OR BOTH. It should be possible to use |
| 39 |
some other mechanism - possibly group memberships - to restrict |
| 40 |
VMWare GSX Server log-in rights to or from certain users. Dovecot |
| 41 |
IMAP, for instance, has a "deny passdb" and also a valid userID |
| 42 |
range. I would personally consider this kind of approach more elegant. |
| 43 |
|
| 44 |
I'm not trying to be snobby saying "I wouldn't do it this way", just |
| 45 |
sorry I can't help. Good luck with it. |
| 46 |
|
| 47 |
Stroller. |
| 48 |
|
| 49 |
-- |
| 50 |
gentoo-user@g.o mailing list |
Archives