<!--startcut =======================================================  -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.1pre8">
<TITLE>The Answer Guy 30: Linux as a "Domain Controller" for
		a WinNT Domain?  Not Yet!</TITLE>
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
ALINK="#FF0000">
<!--endcut =========================================================  -->
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <hr> <P>

<!-- ===============================================================  -->
<H1 align="center"><A NAME="answer">
<img src="../gx/dennis/qbubble.gif" alt="" border="0" align="middle">
<a href="./lg_toc30.html">The Answer Guy</a>
<img src="../gx/dennis/bbubble.gif" alt="" border="0" align="middle">
</A></H1> <BR>
<H4 align="center">By James T. Dennis,
<a href="mailto:answerguy@ssc.com">answerguy@ssc.com</a><BR>
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> </H4>
<p><hr><p>
<H3><img src="../gx/dennis/qbub.gif" alt="(?)" width="50" height="28"
	align="left" border="0">Linux as a "Domain Controller" for
		a WinNT Domain?  Not Yet!</H3>
<H4 ALIGN="center">or: Linux use of an NT PDC/BDC for authentication?</H4>

<p><strong>From Cesar Augusto Kant Grossmann on 25 Jun 1998

<!-- begin body -->
<br><br>

 Hi James!

<br><br>
 Again a problem to me, and an exercise to you.

<br><br>
 Is it possible to make the Linux Box do login authentication
 requests from a NT Domain Server?
 </strong></p>

<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50"
             alt="(!)" border="0"
	>Not yet.  The <a href="http://samba.anu.edu.au/">Samba team</a>
	is working on this and hopes to have something ready within a couple of
	months.  Lest you think this is all wasted effort
	(on the thought that Microsoft will ship NT 5.x
	in a year or so) --- the indications seem to be that
	the MS NT implementation of Kerberos will still rely
	heavily on the data structures that they currently use
	in their PDC/BDC protocol.  So, the work being done
	now is an investment to the future as well as a hope
	for the near-present.
</blockquote>

<p><strong><img src="../gx/dennis/qbub.gif" height="28" width="50"
             alt="(?)" border="0"
	>I have a Linux box in a TCP/IP network, part of a large NT Domain,
 and want to allow NT domain-users to log in to the Linux Box and access
 the Internet on it.  The idea is to provide access to the Linux Box without
 having to register every user. The users don't need a regular
 account, with home directory, because Internet access is not
 frequent (thanks to a low connection) and they only use it for
 surfing (not email, not FTP).
</strong></p>

<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50"
             alt="(!)" border="0"
	>Hmm.  It looks like I read too much into your first
	paragraph.  This sounds like you want Linux to be a
	client to an NT domain controller.  I think there is
	a PAM (pluggable authentication module) for doing this.

<br><br>
	Since the whole PAM project is still in beta (and not
	moving nearly fast enough for my tastes --- not that I've
	contributed to it nor that the programmers would want me
	to) I can't make any promises on how well it will work.

<br><br>
	However the state of PAM can speak for itself at:

<blockquote><code><A HREF="http://www.kernel.org/pub/linux/libs/pam/"
		>http://www.kernel.org/pub/linux/libs/pam/</A>
</code></blockquote>

	(Andrew Morgan's pages on the Transmeta sponsored Linux site).

<br><br>
	The module you might want to play with is by David Airlie
	and is at:

<blockquote><code><A HREF="http://www.csn.ul.ie/~airlied/pam_smb/"
		>http://www.csn.ul.ie/~airlied/pam_smb/</A>
</code></blockquote>

	Other modules (for things like one-time passwords, authentication
	on a Netware server, a couple of different "SecureCard" and
	"DESGold" cards, RADIUS, and support for Kerberos realms, etc.) can
	be found by browsing around at:

<blockquote><code><A HREF="http://www.kernel.org/pub/linux/libs/pam/modules.html"
		>http://www.kernel.org/pub/linux/libs/pam/modules.html</A>
</code></blockquote>
</blockquote>

<p><strong><img src="../gx/dennis/qbub.gif" height="28" width="50"
             alt="(?)" border="0"
	>No, I don't want to make the Linux Box act as a firewall (I don't
 have authorization to do that). And, again, sorry for my bad English...
<br><br>
 TIA

<br><br>
 Cesar Augusto Kant Grossmann
 <br>Uruguaiana - RS - Brasil
</strong></p>

<blockquote><img src="../gx/dennis/bbub.gif" height="28" width="50"
             alt="(!)" border="0"
	>Given the muddy murky nature of the term "firewall" the
	difference between what you're doing and "acting as a firewall"
	may be purely a matter of semantics.  However, if it'll keep
	your management happy I'll go into a Brazilian court of law
	as an "expert witness" to state my opinion that this is <EM>not</EM>
	a "firewall."

<br><br>
	If by "surfing" you mean that your users will only be
	using the Linux system as a web proxy --- why are you
	fussing with authenticating them at all?  Why not just
	install Apache and configure it purely for caching/proxy
	use --- or use Squid (there are RPMs available --- they
	were included with my copies of
	<A HREF="http://www.suse.de/">S.u.S.E.</A>

<br><br>
	<a href="http://www.apache.org/">Apache</a>, CERN, and Squid can
	all be configured as caching
	web proxy/servers and can all be configured with a variety
	of limitations on which systems are allowed through in which
	directions.  Do you really care <EM>which</EM> user is logged into
	the workstation that is using these proxies?  That seems like
	an odd requirement unless you're also trying to enforce
	some other policies (like certain classes of employees are
	only allowed to "surf" during their lunch hour, etc).

<br><br>
	I suggest you actually review your requirements a bit further.
	It sounds like you are complicating matters more than the
	situation requires.
</blockquote>
<!-- end body -->
<!--================================================================-->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/ssc.copying.html"
	>Copyright &copy;</a> 1998, James T. Dennis <BR>
Published in <I>Linux Gazette</I> Issue 30 July 1998</H5>
<P> <hr> <P>
<!--================================================================-->
<!--startcut =======================================================  -->
</body>
</html>
<!--endcut =========================================================  -->