Possibilities for using winbind libs with Samba < 4.2.1

Matthew Newton mcn4 at leicester.ac.uk
Tue Dec 8 15:02:23 CET 2015


Hi,

On Tue, Dec 08, 2015 at 02:39:54PM +0100, Herwin Weststrate wrote:
> This question is mainly for Matthew, since he is the author of
> auth_wbclient.c. I just tried to use that on our Debian systems, but
> then I saw that Samba version 4.2.1 was required. It seems that this
> version introduced the used method wbcCtxAuthenticateUserEx. Older
> versions (4.1.something on the current Debian stable) do however have a
> wbcAuthenticateUserEx, that looks like it does about the same thing, but
> without the context-object that the first method uses.

Yes... I also wrote wbcCtxAuthenticateUserEx and friends for Samba.

See https://bugzilla.samba.org/show_bug.cgi?id=11149


> Is there a specific reason that you used the functionality from Samba
> 4.2.1, or do you think it could be possible to make it work with older
> versions of Samba as well?

Yes, by adding the patches in that bug report. Should apply easily
to all 4.x versions.

> I'm more than willing to actually write the code myself, but maybe you
> had already concluded that it won't be possible to make it work with
> older versions, than it would be a waste of time to try to make it work.

It won't work without those patches (i.e. you can't change FR to
call wbcAuthenticateUserEx) unless you

 a) make mschap non-threaded (which rather defeats the point of this
 code)

 b) expect lots of auths to fail or FR to crash because the
 threads stomp on each other.

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Devel mailing list