[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Authentication With Samba

From: Hughes, Trystan <Trystan.Hughes_at_assetco.com>
Date: 2005-06-15 17:37:18 CEST

>I'd have to say that yes, it is very possible, and it was relatively easy, but my authentication times are very slow (10-20 seconds). I've run ethereal scans, and it >seems that there are Kerberos issues floating back and forth on the first and secod handshakes. But then they work out. Strange, but it happened...

>Anyway - that was when I did Apache+Samba + Winbind. Have now got Apache + LDAP running, and that rocks!
 
But is your Apache server on a Unix box? My APache server will reside on a Windows box, my users will all be using a Windows machine, and SAMBA to authentication against.

>So - make sure you get EVERYTHING right before you move into production. I had a couple of very unhappy developers (read -> whiney) who didn't like to >wait that long for authentication. They started to revolt and claim they'd rather work on VSS.
 
I look forward to the day :)

>Regards,
>Frank

Brad wrote:

                Tryst,
                    Yes and its far easier than it sounds. The only issue I have is that users have to enter in the fully qualified domain user name such as "DOMAIN\USER". That depends on your domain scoping though. But it works fine other than that. I have the authentication hooked up through PAM. Apache can authenticate with PAM through mod_auth_pam.
                
                Get your system authenticating first:
                http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD_Domain
                
                And then use mod_auth_pam to get apache authenticating. Basically, just don't specify a password file.
                
                
                Brad
                
                
                On Mon, 2005-06-13 at 14:38 +0100, Hughes, Trystan wrote:

                        Hi all,
                         
                        I am about to roll out Subversion across my company and have just realised that the company users use SAMBA (http://us1.samba.org/samba/) for its login/authentication process.
                         
                        This isn;t exactly Windows domain authentication, so was wondering if I would be able to let Subversion use Apache to pickup the users SAMBA login credentials so that they can automatically login (like Windows Domain Authentication works).
                         
                        Is this at all possible?
                         
                        Thanks
                         
                        Tryst
                        
                        The views expressed in this e-mail are not necessarily the views of AssetCo Group Limited,
                        its directors, officers or employees make no representation or accept any
                        liability for its accuracy or completeness unless expressly stated to the contrary.
                        This e-mail, and any attachments are strictly confidential and intended for the addressee(s) only.
                        The content may also contain legal, professional or other privileged information. Unless expressly
                        stated to the contrary, no contracts may be concluded on behalf of AssetCo Group Limited by means of
                        e-mail communication. You may report the matter by calling us on +44 (0)118 906 8000.
                        Please ensure you have adequate virus protection before you open or detach any documents from this
                        transmission. AssetCo Group Limited does not accept any liability for viruses. AssetCo Group Limited
                        is registered in England: Company number: 4450947
                        Registered Office: Davidson House, Forbury Square, Reading, Berkshire RG1 3GA
                            
Received on Wed Jun 15 17:40:28 2005

This is an archived mail posted to the Subversion Users mailing list.