SMB authentication Module. (authlibsmb) Version 0.1

This module allows muddleftpd 1.3.4 and above to authenticate against SMB
servers. This module will authenticate against the user list on any SMB
domain server, including both Windows NT and Samba.

Note: This code is heavily derived from the smb pam module. It is
essentially a front end for the smb pam module backend. Kudos to the
maintainers of the smb pam module for the good work.

Note: Although this code is derived from the smb pam module, it does not
require pam to operate.

DEPENDENCIES:

An SMB server available somewhere on the network.

Also, authlibsmb requires that each user you wish to authenticate has a
local password entry (unless you use the smb_localuser directive, in which
case all smb users use the same local username).

BUILDING:

To build, execute the following in the authlibsmb source directory:

    ./configure
    make

Or simply build it with the rest of muddleftpd by adding --with-authsmb to
the configuration options of that configure script.

Then the file libauthsmb.so can be copied to the directory you wish to
store muddleftpd modules in. This directory must be secure, so users cannot
overwrite the module with a cracked version. By default it is put into
@prefix@/lib from configure; if you don't set prefix this is
/usr/local/lib/muddleftpd.
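
The requirement that users cannot overwrite the module can be checked with a short script. This is an added example, not part of authlibsmb or muddleftpd: the function names are hypothetical, it assumes the module should be owned by root (uid 0), and it inspects only the module file and the directory that holds it.

```shell
#!/bin/sh
# Added example: audit the permissions of the muddleftpd auth module.
# Helper names are hypothetical; the default path is the one in this README.

# insecure_reason PATH OWNER_UID
# Prints one line per problem found on PATH; returns 1 if any was found.
insecure_reason() {
    path=$1 want_uid=$2
    # ls -ldn: long listing of the entry itself, with numeric uid/gid.
    info=$(ls -ldn -- "$path" 2>/dev/null) || { echo "$path: missing"; return 1; }
    mode=${info%% *}                                  # e.g. -rw-r--r--
    uid=$(printf '%s\n' "$info" | awk '{print $3}')   # third field is the uid
    bad=0
    [ "$uid" = "$want_uid" ] || {
        echo "$path: owned by uid $uid, expected $want_uid"; bad=1
    }
    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*)    echo "$path: group-writable ($mode)"; bad=1 ;;
    esac
    case $mode in
        ????????w*) echo "$path: world-writable ($mode)"; bad=1 ;;
    esac
    return $bad
}

# audit_module [MODULE] [OWNER_UID]
# Checks the module file and its containing directory.
audit_module() {
    module=${1:-/usr/local/lib/muddleftpd/libauthsmb.so}
    owner=${2:-0}
    status=0
    for target in "$module" "$(dirname -- "$module")"; do
        insecure_reason "$target" "$owner" || status=1
    done
    return $status
}
```

Call it as audit_module /usr/local/lib/muddleftpd/libauthsmb.so; a non-zero return means at least one problem was printed. Directories further up the path deserve the same check.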

USAGE:

In the groups that you wish authlibsmb to authenticate, you need to use
the following to tell muddleftpd to use the authlibsmb module, replacing the
directory with the directory the authentication module is stored in.
(If unsure, running locate libauthsmb.so may help.)

    authmodule /usr/local/lib/muddleftpd/libauthsmb.so

To configure libauthsmb, the following directives have been added. You must
specify these in the group section that is being configured.

smb_domain <workgroup>
    This specifies the domain/workgroup that contains the domain server
    to authenticate against. THIS PARAMETER IS REQUIRED

smb_primary <server>
    This specifies the netbios name of the domain server that is used to
    authenticate against. THIS PARAMETER IS REQUIRED

smb_secondary <server>
    This specifies the netbios name of the secondary domain server that
    is used to authenticate against. THIS PARAMETER IS OPTIONAL

smb_localuser <localusername>
    This specifies the local user on the system (from the password file)
    that smb users will access the system as. If omitted, authlibsmb will
    use the login username.

GROUP EFFECTS:

If smb_localuser is specified, authlibsmb will accept any username given to
it, regardless of whether or not it exists on the SMB server. This does not
mean it will log the user in; it will simply not pass the username on to the
next group section. You will have to use nameacl to limit this if required.

If smb_localuser is not specified, authlibsmb will only accept usernames
that also exist in the local password file. Users not found in the local
password file will be passed on to the next muddleftpd group section.

FURTHER NOTES:

* authlibsmb cannot detect the difference between a username not
  existing on a domain server and the password being incorrect.

AUTHORS:

Beau Kuiper (support@muddleftpd.cx)