So this Winbind, is this wants needed for me to get the following setup working...
- SAMBO on Unix (Where users login accounts are stored)
- Users on Windows
- Apache on Windows Server 2003
- Subversion on Windows Server 2003 (will reside on same server as Apache)
Obviously, mod_auth_pam is Unix specific, so is there anyway I can use this setup so that Subversion can use the users Authentication credentials that are on SAMBA to authenticate against Subversion?
From: Frank Gruman [mailto:firstname.lastname@example.org]
Sent: Wed 15/06/2005 17:21
To: Hughes, Trystan
Cc: Brad; email@example.com
Subject: Re: Authentication With Samba
yes, my Apache is running on Linux (SLES9, to be exact). I have had to many issues with maintaining / securing / updating / rebooting / etc my critical servers (code and bug/issue tracking, primarily) that I have moved them to Linux. It was a hobby at home before, and I have truly found it's stability and reliability pay off at work, too. I've not had to reboot my servers once since bringing them online for production more than 6 months ago. I have had to bounce the HTTP service to implement changes, but Apache is nice in that it will allow for graceful restarts. So I can claim almost 100% uptime on these servers, including implementing updates.
I also have a couple of Windows servers (2000 and 2003) for testing, and they have had to be rebooted almost weekly with each security update that comes out. The 2003 server is doing better since there don't seem to be as many security fixes, but it still requires a reboot on each.
oooo - and an update to the whole list - since I switched to LDAP and authentication times have improved, those revolting developers are now OOO'ing and AHH'ing over some of the features (Branching and Merging, primarily) that they are able to do with Subversion. Apparently nothing else to complain about. Still can't figure out what was happening with the production box in apache+samba+winbind. When running from my test box, it ran fine.
Regards to all,
Hughes, Trystan wrote:
I'd have to say that yes, it is very possible, and it was relatively easy, but my authentication times are very slow (10-20 seconds). I've run ethereal scans, and it >seems that there are Kerberos issues floating back and forth on the first and secod handshakes. But then they work out. Strange, but it happened...
Anyway - that was when I did Apache+Samba + Winbind. Have now got Apache + LDAP running, and that rocks!
But is your Apache server on a Unix box? My APache server will reside on a Windows box, my users will all be using a Windows machine, and SAMBA to authentication against.
So - make sure you get EVERYTHING right before you move into production. I had a couple of very unhappy developers (read -> whiney) who didn't like to >wait that long for authentication. They started to revolt and claim they'd rather work on VSS.
I look forward to the day :)
Yes and its far easier than it sounds. The only issue I have is that users have to enter in the fully qualified domain user name such as "DOMAIN\USER". That depends on your domain scoping though. But it works fine other than that. I have the authentication hooked up through PAM. Apache can authenticate with PAM through mod_auth_pam.
Get your system authenticating first:
And then use mod_auth_pam to get apache authenticating. Basically, just don't specify a password file.
On Mon, 2005-06-13 at 14:38 +0100, Hughes, Trystan wrote:
I am about to roll out Subversion across my company and have just realised that the company users use SAMBA (http://us1.samba.org/samba/) for its login/authentication process.
This isn;t exactly Windows domain authentication, so was wondering if I would be able to let Subversion use Apache to pickup the users SAMBA login credentials so that they can automatically login (like Windows Domain Authentication works).
Is this at all possible?
The views expressed in this e-mail are not necessarily the views of AssetCo Group Limited,
its directors, officers or employees make no representation or accept any
liability for its accuracy or completeness unless expressly stated to the contrary.
This e-mail, and any attachments are strictly confidential and intended for the addressee(s) only.
The content may also contain legal, professional or other privileged information. Unless expressly
stated to the contrary, no contracts may be concluded on behalf of AssetCo Group Limited by means of
e-mail communication. You may report the matter by calling us on +44 (0)118 906 8000.
Please ensure you have adequate virus protection before you open or detach any documents from this
transmission. AssetCo Group Limited does not accept any liability for viruses. AssetCo Group Limited
is registered in England: Company number: 4450947
Registered Office: Davidson House, Forbury Square, Reading, Berkshire RG1 3GA
Received on Thu Jun 16 12:00:54 2005