[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authentication With Samba

From: Frank Gruman <fgatwork_at_verizon.net>
Date: 2005-06-15 18:21:40 CEST

Hi Tyrstan,

yes, my Apache is running on Linux (SLES9, to be exact). I have had to
many issues with maintaining / securing / updating / rebooting / etc my
critical servers (code and bug/issue tracking, primarily) that I have
moved them to Linux. It was a hobby at home before, and I have truly
found it's stability and reliability pay off at work, too. I've not had
to reboot my servers once since bringing them online for production more
than 6 months ago. I have had to bounce the HTTP service to implement
changes, but Apache is nice in that it will allow for graceful
restarts. So I can claim almost 100% uptime on these servers, including
implementing updates.

I also have a couple of Windows servers (2000 and 2003) for testing, and
they have had to be rebooted almost weekly with each security update
that comes out. The 2003 server is doing better since there don't seem
to be as many security fixes, but it still requires a reboot on each.

oooo - and an update to the whole list - since I switched to LDAP and
authentication times have improved, those revolting developers are now
OOO'ing and AHH'ing over some of the features (Branching and Merging,
primarily) that they are able to do with Subversion. Apparently nothing
else to complain about. Still can't figure out what was happening with
the production box in apache+samba+winbind. When running from my test
box, it ran fine.

Regards to all,
Frank

Hughes, Trystan wrote:

>>I'd have to say that yes, it is very possible, and it was relatively easy, but my authentication times are very slow (10-20 seconds). I've run ethereal scans, and it >seems that there are Kerberos issues floating back and forth on the first and secod handshakes. But then they work out. Strange, but it happened...
>>
>>
>
>
>
>>Anyway - that was when I did Apache+Samba + Winbind. Have now got Apache + LDAP running, and that rocks!
>>
>>
>
>But is your Apache server on a Unix box? My APache server will reside on a Windows box, my users will all be using a Windows machine, and SAMBA to authentication against.
>
>
>
>>So - make sure you get EVERYTHING right before you move into production. I had a couple of very unhappy developers (read -> whiney) who didn't like to >wait that long for authentication. They started to revolt and claim they'd rather work on VSS.
>>
>>
>
>I look forward to the day :)
>
>
>
>>Regards,
>>Frank
>>
>>
>
>Brad wrote:
>
> Tryst,
> Yes and its far easier than it sounds. The only issue I have is that users have to enter in the fully qualified domain user name such as "DOMAIN\USER". That depends on your domain scoping though. But it works fine other than that. I have the authentication hooked up through PAM. Apache can authenticate with PAM through mod_auth_pam.
>
> Get your system authenticating first:
> http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD_Domain
>
> And then use mod_auth_pam to get apache authenticating. Basically, just don't specify a password file.
>
>
> Brad
>
>
> On Mon, 2005-06-13 at 14:38 +0100, Hughes, Trystan wrote:
>
> Hi all,
>
> I am about to roll out Subversion across my company and have just realised that the company users use SAMBA (http://us1.samba.org/samba/) for its login/authentication process.
>
> This isn;t exactly Windows domain authentication, so was wondering if I would be able to let Subversion use Apache to pickup the users SAMBA login credentials so that they can automatically login (like Windows Domain Authentication works).
>
> Is this at all possible?
>
> Thanks
>
> Tryst
>
> The views expressed in this e-mail are not necessarily the views of AssetCo Group Limited,
> its directors, officers or employees make no representation or accept any
> liability for its accuracy or completeness unless expressly stated to the contrary.
> This e-mail, and any attachments are strictly confidential and intended for the addressee(s) only.
> The content may also contain legal, professional or other privileged information. Unless expressly
> stated to the contrary, no contracts may be concluded on behalf of AssetCo Group Limited by means of
> e-mail communication. You may report the matter by calling us on +44 (0)118 906 8000.
> Please ensure you have adequate virus protection before you open or detach any documents from this
> transmission. AssetCo Group Limited does not accept any liability for viruses. AssetCo Group Limited
> is registered in England: Company number: 4450947
> Registered Office: Davidson House, Forbury Square, Reading, Berkshire RG1 3GA
>
>
>
>
Received on Wed Jun 15 18:23:51 2005

This is an archived mail posted to the Subversion Users mailing list.