[Zope] ANNOUNCE: smbUserFolder 0.1 released
mcdonc@iqgroup.com
Fri, 10 Sep 1999 14:51:52 -0700
Please see http://www.zope.org:18200/Members/mcdonc/smbUserFolder to
download.
smbUserFolder
The smbUserFolder product is a Zope product that allows you to
authenticate users based on their Windows NT domain credentials.
Unlike the "NTUserFolder" product which only works when you're
running Zope on NT, it works under UNIX. It was developed under Red
Hat Linux 6.0 and Python 1.5.2. It makes use of Mark Nottingham's
smbvalidmodule C extension module for Python.
It is basically a rip-off of the DC etcUserFolder product with tips
from Will Fife's nisUserFolder product. It took me about 30 minutes
start-to-finish. This is my first Python programming effort. :)
It took me longer to write the documentation than the actual
product.
This Product requires Mark Nottingham's smbvalid Python module. I
found this module at http://www.mnot.net/python/smbvalid/ although
it may be available elsewhere. I have no idea whether this product
will work on platforms other than Linux, based on this requirement.
You are welcome to try. I have made it work under Linux and Zope
2.0.0.
Basically, before you can use this product, you need to (re)compile
Python so that it knows how to use the smbvalid module. You can
find instructions about how to do this in the README.txt file that
comes with the smbvalid-0.5.tgz file downloadable from Mark
Nottingham's site. I found his directions somewhat confusing, so
here are alternate ones which include smbUserFolder:
1. Download the pam_smb library (I retrieved it from its home
site at http://www.csn.ul.ie/~airlied/pam_smb/). The latest
stable release at the time I wrote this document was 1.1.5.
2. Unzip and untar the pam_smb library.
3. "cd" to the pam_smb directory created when you untarred the
file.
4. Run "./configure"
5. Edit the Makefile, remove the -fPIC from the line that contains
it.
6. Run "make smbvalid"
7. Ensure that you have Python sources on-hand. If not, download
them from http://www.python.org and unpackage them in a
separate directory. Then copy the "smbvalidmodule.c" file
to the Python source "Modules" directory.
8. Add the following line to your Python source's Modules/Setup
file:
smbvalid smbvalidmodule.c -I{path}/pam_smb/smbval {path}/pam_smb/smbval/smbvalid.a
where {path} is the location of the pam_smb source build.
9. Compile Python. Remember to enable threading for Zope.
I used the following:
"./configure --with-threads --prefix=/usr; make; make test".
10. Install Python. Make sure you want to do this (if you've
installed Python from RPM files or other binary releases,
you may want to first UN-install the binary Python build.)
Also make sure Zope is stopped on your machine. Then
do "make install" while in the Python top-level source
dir.
11. Put the smbUserFolder.tar file into your top-level Zope
directory, and untar it.
12. Create a folder smbUsers in your top-level Zope folder.
Inside this folder, create a file named smbUsers with
the following contents:
{USERNAME}:{NT_DOMAIN}:{PDC_NAME}:{BDC_NAME}
Where, for each user, {USERNAME} is the NT username you
wish to validate against, {NT_DOMAIN} is the NT domain
in which this user resides, {PDC_NAME} is the PDC for
this domain, and {BDC_NAME} is the BDC for this domain.
For example:
mcdonc:INFOQUEST_1:IQPDC:IQBDC
colbrw:INFOQUEST_1:IQPDC:IQBDC
Without this file, you will not have a userlist to validate
against. smbUserFolder does not PULL a userlist from the
NT domain, it just compares known NT usernames in a file
against users defined in the NT domain. Therefore, for each
NT user you need to validate, you have to add an entry to
the smbUserList file. This is sort of like Samba, in that
you need to add a "local" user for every instance of NT
user that you have. I've set up a little cron job that starts
a Perl script under Win32 that grabs the userlist from an NT
domain and dumps it into a file that can be read by
smbUserFolder. Email me if you want the Perl script that
does this.
13. Restart Zope. You should have an smbUserFolder object that
you will be able to add just like any other User Folder.
Dig it!
contact:
Chris McDonough
IQ Group, IT Consultants
mcdonc@iqgroup.com
NO WARRANTIES EXPRESSED OR IMPLIED.
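
Because the user list in step 12 is maintained by hand or generated by a cron job, it is worth linting before Zope reads it. The following is an added example, not code from smbUserFolder or its author: the function name, messages and sample names are hypothetical, and it assumes blank lines are ignored and that one PDC name should always appear with the same domain name.

```python
# Added example: lint an smbUsers file before Zope reads it.
# parse_smb_users() and its messages are hypothetical, not smbUserFolder code.
FIELDS = ("username", "nt_domain", "pdc_name", "bdc_name")

def parse_smb_users(text):
    """Return (entries, problems) for text in the smbUsers format.

    entries maps lowercased username -> dict of the four fields.
    problems is a list of (line_number, message) for rejected lines.
    """
    entries, problems = {}, []
    pdc_domain = {}  # PDC name -> the one NT domain it was first listed under
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:  # assumption: blank lines are ignored
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) != len(FIELDS):
            problems.append((lineno, "expected 4 fields, got %d" % len(parts)))
            continue
        if not all(parts):
            problems.append((lineno, "empty field"))
            continue
        rec = dict(zip(FIELDS, parts))
        user = rec["username"].lower()  # NT account names are case-insensitive
        domain, pdc = rec["nt_domain"].upper(), rec["pdc_name"].upper()
        if user in entries:
            problems.append((lineno, "duplicate username"))
            continue
        # A PDC serves exactly one domain, so a second domain name for the
        # same PDC is almost always a typo in the domain field.
        if pdc_domain.setdefault(pdc, domain) != domain:
            problems.append((lineno, "domain differs from earlier %s entry" % pdc))
            continue
        entries[user] = rec
    return entries, problems

# Constructed sample input; every name in it is made up.
SAMPLE = """\
alice:EXAMPLE_DOM:EXPDC:EXBDC
bob:EXAMPLE_DOM:EXPDC:EXBDC
carol:EXAMPL_DOM:EXPDC:EXBDC
dave:EXAMPLE_DOM:EXPDC
Alice:EXAMPLE_DOM:EXPDC:EXBDC
erin::EXPDC:EXBDC
"""

if __name__ == "__main__":
    users, issues = parse_smb_users(SAMPLE)
    print(sorted(users))
    for lineno, msg in issues:
        print("line %d: %s" % (lineno, msg))
```

Running the lint from the same cron job that regenerates the file keeps a truncated or mistyped entry from silently removing a user's ability to authenticate.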