[rsbac] rsbac + ldap/samba

Amon Ott ao at rsbac.org
Thu Jan 12 14:45:06 CET 2006


On Thursday 12 January 2006 14:29, jochem_ippers at email.de wrote:
> I'm just a beginner with rsbac, so...
> We have to migrate a netware 4.11 server to samba+ldap, and we would
> like to have something better than the standard posix acls. Maybe
> this question was already answered before, but is it possible to use
> rsbac acls (and other modules) with Samba using ldap as samba
> database backend in any way? Maybe if you don't use the rsbac AUTH
> module? (does rsbac work with ldap over nsswitch? etc. etc. ;-))

RSBAC always uses real user ids. You can auth in whatever way you 
like, but only RSBAC User Management can guarantee that a user has 
provided a password before the setuid succeeds.

Most samba versions do not setuid, but rather seteuid. In this case, 
RSBAC can only control the complete samba as a black box. You can 
probably hack your samba sources to make it use setuid again and then 
control by user.

A samba extension for RSBAC ACLs has been planned for years now, but 
has never been done. With such an extension, you could administrate your 
RSBAC ACLs e.g. from a Windows system over network. We are always 
looking for volunteers...

> I would really like to use rsbac for this (and for other purposes),
> because it's just great.

Thanks for these flowers, we all appreciate them. :)

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
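
The setuid/seteuid distinction in the reply above, as an added example that is not part of the original message and is not RSBAC or Samba code: each child switches identity one way and reports the real and effective uid it ends up with. `TARGET_UID`, `struct ids` and `probe()` are names made up for this sketch; switching to another uid only works when run as root, otherwise the program switches to its own uid.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define TARGET_UID 65534 /* assumption: an unprivileged uid ("nobody" on many systems) */

struct ids { uid_t ruid, euid; };

/* Fork a child, switch identity there with setuid() or seteuid(), and hand
 * the child's resulting real/effective uid back. Returns 0 on success. */
int probe(int use_setuid, uid_t target, struct ids *out)
{
    int fd[2], status;
    if (pipe(fd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fd[0]); close(fd[1]);
        return -1;
    }
    if (pid == 0) { /* child: change identity, then report what we became */
        struct ids now;
        if ((use_setuid ? setuid(target) : seteuid(target)) != 0)
            _exit(1);
        now.ruid = getuid();
        now.euid = geteuid();
        _exit(write(fd[1], &now, sizeof now) == (ssize_t)sizeof now ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], out, sizeof *out);
    close(fd[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void)
{
    /* Only root may switch to a different uid; otherwise use our own. */
    uid_t target = geteuid() == 0 ? TARGET_UID : getuid();
    struct ids a, b;
    if (probe(0, target, &a) == 0)
        printf("seteuid(%u): real=%u effective=%u\n", (unsigned)target, (unsigned)a.ruid, (unsigned)a.euid);
    if (probe(1, target, &b) == 0)
        printf("setuid(%u):  real=%u effective=%u\n", (unsigned)target, (unsigned)b.ruid, (unsigned)b.euid);
    return 0;
}
```

Run as root, the seteuid() child keeps real uid 0 while only its effective uid changes; the setuid() child changes both.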