This is the README for pam_ntdom v0.1
-------------------------------------

Getting pam_ntdom: http://mailhost.cb1.com/~lkcl/pam_ntdom

This Plug-in Authentication Module allows a Linux user to authenticate
against an NT Server, Samba Server compiled with NT Domains enabled,
AT & T Advance File/Print Sharer or SCO Domain Controller, using the
NT Domain Authentication Protocol.

This module is based on pam-smb (including this README file), which in
turn was based on pam_unix_auth.

Please see the end of this file for contact details.

************************
Configuration
************************

Linux workstation
-----------------

The configuration file is /etc/pam_smb.conf. It contains three lines.
The first is the NT Domain to log on to, and the second and third are
the primary and secondary servers to use. Each server *must* be either
an NT server or a Samba Server compiled with NT Domains enabled.

e.g.

NAME_OF_DOMAIN
PRIMARY_DC_SERVER_NAME
BACKUP_DC_SERVER_NAME

NT 3.51 / 4.0 Server
--------------------

If you use NT server, you must manually add each Linux workstation to
the NT Domain. Run SRVMGR.EXE ("Server Manager for Domains"), select
File | Add, and type in the name of each Linux Workstation.

Samba NT Domain Server
----------------------

If you use a Samba NT Domain server, you must manually add the Linux
workstation to the Samba NT Domain. Please read the instructions in
docs/NTDOMAIN.txt with the Samba distribution.

What's going on?
----------------

If you want to know what is happening: in both instances you are
setting up a "Workstation Trust" relationship between the Domain
Controller and each Linux workstation.

Future versions will not require configuration at the Server, but
*will* require you to establish the Workstation/Server Trust
relationship, in exactly the same way that NT workstation does
("Welcome to the SAMBA Domain"...)

************************
Notes
************************

- The user must be in the password file to allow the user to log in.
- If the user does not have a starred password, the password in the
  file will work.
- If the user has a starred password, the module will go to the NT
  server and validate the user in the domain specified in the conf
  file.

************************
Samba NT Domains
************************

As of 10jan98, the version of Samba required that supports NT Domains
is available under the cvs tag BRANCH_NTDOM. cvs instructions are at:
http://samba.anu.edu.au/cvs.html.

Samba, the Digest Archives and a list of commercial companies that
support Samba are available from: http://samba.anu.edu.au/pub/samba

Details on NT Domain Authentication and the progress being made are
available from: http://mailhost.cb1.com/~lkcl/ntdomain.html

************************
Credits
************************

- Dave Airlie -- the Author of pam-smb, as all I've done is replace
  his Validate_User function and rewrite this README file.
- Andrew Morgan -- the Linux PAM project person, and writer of the
  pam_unix_auth.c module, on which Dave Airlie based pam-smb.
- Paul Ashton -- Paul kicked the whole NT Domain Authentication ball
  rolling, and first implemented NT Domains in Samba. And second
  implemented it.
- Andrew Tridgell and the Samba Team. Andrew for inviting me to join
  the team, back in August 96, and to the other Samba Team members for
  putting up with and encouraging me ever since.
- The Microsoft NT Development Team, for an exceptionally good design
  of a remote administration / authentication protocol.

************************
Bugs and Comments
************************

Please report any bugs, comments and suggestions to:
lkcl@samba.anu.edu.au, putting "PAM-NTDOM" at the start of the subject
line.
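
************************
Added example
************************

The three-line /etc/pam_smb.conf format from the Configuration section
and the three rules from the Notes section, as an added example that is
not part of pam_ntdom or pam-smb. It assumes a "starred" password means
the passwd password field is exactly "*"; the names parse_conf and
auth_path_for are hypothetical, and the sample data is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not pam_ntdom source. Assumption: a "starred" password
 * is a passwd password field of exactly "*". Sample data is constructed. */
enum auth_path { AUTH_DENIED, AUTH_LOCAL, AUTH_DOMAIN };
struct ntdom_conf { char domain[16], primary[16], backup[16]; };
static const char SAMPLE_CONF[] = "SAMBA\nPDC1\nBDC1\n";
static const char SAMPLE_PASSWD[] =
    "root:constructedHash:0:0:root:/root:/bin/sh\n"
    "alice:*:500:100:Alice:/home/alice:/bin/sh\n";

/* Copy one non-empty line (max 15 chars, the NetBIOS name limit); NULL on error. */
static const char *take_line(const char *p, char dst[16])
{
    size_t n = p ? strcspn(p, "\r\n") : 0;
    if (n == 0 || n > 15) return NULL;
    memcpy(dst, p, n); dst[n] = '\0';
    p += n + (p[n] == '\r');
    return *p == '\n' ? p + 1 : p;
}

/* Parse the three-line file: domain, primary DC, backup DC. 0 on success. */
int parse_conf(const char *text, struct ntdom_conf *c)
{
    const char *p = take_line(text, c->domain);
    p = take_line(p, c->primary);
    return take_line(p, c->backup) ? 0 : -1;
}

/* Apply the Notes rules to passwd-format text for one user. */
enum auth_path auth_path_for(const char *passwd, const char *user)
{
    size_t ulen = strlen(user);
    for (const char *l = passwd; l && *l; l = strchr(l, '\n'), l = l ? l + 1 : l) {
        if (strncmp(l, user, ulen) != 0 || l[ulen] != ':') continue;
        return (l[ulen + 1] == '*' && l[ulen + 2] == ':') ? AUTH_DOMAIN : AUTH_LOCAL;
    }
    return AUTH_DENIED;  /* not in the password file: login is not allowed */
}

int main(void)
{
    struct ntdom_conf c;
    printf("conf ok=%d\n", parse_conf(SAMPLE_CONF, &c) == 0);
    printf("alice=%d root=%d\n", auth_path_for(SAMPLE_PASSWD, "alice"),
           auth_path_for(SAMPLE_PASSWD, "root"));
    return 0;
}
```

Accounts reported as AUTH_LOCAL never reach the Domain Controller, so
password changes made in the domain do not apply to them.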