You are not logged in Log in Join
You are here: Home » Members » mcdonc » smb User Folder
Log in
Name

Password

 
Link icon Forgot your password?
 
Print

Folder icon smb User Folder

smbUserFolder

A product that allows you to authenticate users from their Windows NT domain credentials on a *NIX box. Unlike the "NTUserFolder" product which only works when you're running Zope on NT, it works under UNIX. It was developed under Red Hat Linux 6.0 and Python 1.5.2. It makes use of Mark Nottingham's smbvalidmodule C extension module for Python.

It is basically a rip-off of the DC etcUserFolder product with tips from Will Fife's nisUserFolder product. It took me about 30 minutes start-to-finish. This is my first Python programming effort. :) It took me longer to write the documentation than the actual product.

This Product requires Mark Nottingham's smbvalid Python module. I found this module at http://www.mnot.net/python/smbvalid/ although it may be available elsewhere. I have no idea whether this product will work on platforms other than Linux, based on this requirement. You are welcome to try. I have made it work under Linux and Zope 2.0.0.

Basically, before you can use this product, you need to (re)compile Python so that it knows how to use the smbvalid module. You can find instructions about how to do this in the README.txt file that comes with the smbvalid-0.5.tgz file downloadable from Mark Nottingham's site. I found his directions somewhat confusing, so here's alternate ones which include smbUserFolder:

  1. Download the pam_smb library (i retrieved it from its home site at http://www.csn.ul.ie/~airlied/pam_smb/). The latest stable release at the time I wrote this document was 1.1.5.
  2. Unzip and untar the pam_smb library.
  3. "cd" to the pam_smb directory created when you untarred the file.
  4. Run "./configure"
  5. Edit the Makefile, remove the -fPIC from the line that contains it.
  6. Run "make smbvalid"
  7. Ensure that you have Python sources on-hand. If not, download them from http://www.python.org and unpackage them in a separate directory. Then copy the "smbvalidmodule.c" file to the Python source "Modules" directory.
  8. Add the following line to your Python source's Modules/Setup file:

    smbvalid smbvalidmodule.c -I{path}/pam_smb/smbval {path}\ /pam_smb/smbval/smbvalid.a

    where {path} is the location of the pam_smb source build.

  9. Compile Python. Remember to enable threading for Zope. I used the following: "./configure --with-threads \ --prefix=/usr; make; make test".
  10. Install Python. Make sure you want to do this (if you've installed Python from RPM files or other binary releases , you may want to first UN-install the binary Python build.) Also make sure Zope is stopped on your machine. Then do "make install" while in the Python top-level source dir.
  11. Put the smbUserFolder.tar file into your top-level Zope directory, and untar it.
  12. Create a folder smbUsers in your top-level Zope folder. Inside this folder, create a file named smbUsers with the following contents:

    {USERNAME}:{NT_DOMAIN}:{PDC_NAME}:{BDC_NAME}

    Where, for each user, {USERNAME} is the NT username you wish to validate against, {NT_DOMAIN} is the NT domain in which this user resides, {PDC_NAME} is the PDC for this domain, and {BDC_NAME} is the BDC for this domain.

    For example:

    mcdonc:INFOUEST_1:IQPDC:IQBDC colbrw:INFOQUEST_1:IQPDC:IQBDC

    Without this file, you will not have a userlist to validate against. smbUserFolder does not PULL a userlist from the NT domain, it just compares known NT usernames in a file against users defined in the NT domain. Therefore, for each NT user you need to validate, you have to add an entry to the smbUserList file. This is sort of like Samba, in that you need to add a "local" user for every instance of NT user that you have. I've set up a little cron job that starts a Perl script under Win32 that grabs the userlist from an NT domain and dumps it into a file that can be read by smbUserFolder. Email me if you want the Perl script that does this.

    1. Restart Zope. You should have an smbUserFolder object that you will be able to add just like any other User Folder.

Dig it!

contact:

Chris McDonough IQ Group, IT Consultants

[email protected] (now [email protected])

NO WARRANTIES EXPRESSED OR IMPLIED.

 Title   Type   Size   Modified   Status 
 smb User Folder 0.1 Edit object Software Release   1999-09-15 published
Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)