[rsbac] rsbac + ldap/samba

Amon Ott ao at rsbac.org
Thu Jan 12 14:45:06 CET 2006

On Donnerstag 12 Januar 2006 14:29, jochem_ippers at email.de wrote:
> I'm just a beginner with rsbac, so...
> We have to migrate a netware 4.11 server to samba+ldap, and we would 
like to have something better than the standard posix acls. Maybe 
this question was already answered before, but is it possible to use 
rsbac acls (and other modules) with Samba usinge ldap as samba 
database backend in any way? Maybe if you don't use the rsbac AUTH 
module? (does rsbac work with ldap over nsswitch? etc. etc. ;-)) 

RSBAC always uses real user ids. You can auth in whatever way you 
like, but only RSBAC User Management can guarantee that a user has 
provided a password before the setuid succeeds.

Most samba versions do not setuid, but rather seteuid. In this case, 
RSBAC can only control the complete samba as a black box. You can 
probably hack your samba sources to make it use setuid again and then 
control by user.

A samba extension for RSBAC ACLs has been planned for years now, but 
never been done. With such an extension, you could administrate your 
RSBAC ACLs e.g. from a Windows system over network. We are always 
looking for volunteers...

> I would really like to use rsbac for this (and for other purposes), 
because it's just great.

Thanks for these flowers, we all appreciate them. :)

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list