ooba-samba — uses a Samba server to update the out of band authentication user list
-p ] [
-t ] [
-a ] [
-c ] [
Script ooba-samba provides communication between a Samba server and a http-proxy(8) acting as an out of band (OOB) authentication server. The script reads the list of users currently logged on the Samba server and passes them to the http-proxy. This way, users authenticated on the Samba server are seen as authenticated by proxies that use OOB authentication.
For each user logged on the Samba server, ooba-samba sends to the http-proxy the user name, the IP address of the user's machine, and the group the user belongs to. An updated list of users is sent to the http-proxy each time a user logs in or out of the Samba server. Additionally, updates are sent periodically (every 5 minutes by default) in order to synchronize the list in case of a failed login/logout update.
Prints some debugging information.
Writes process id into
Sets the period (in seconds, the default is 5 minutes) of sending the user list to the OOB authentication server in addition to updates triggered by Samba preexec/postexec.
Use a secure connection (SSL/TLS) for communication with the OOB authentication server.
A file containing a certificate of a trusted certification authority for verification of OOB authentication server certificate
A file containing a certificate used for communication with the OOB authentication server
A file containing a private key for the certificate
Address of the OOB authentication server
Port of the OOB authentication server
The http-proxy must be configured as an OOB authentication server using external method of authentication:
aproxy must exist, contain
oob-auth, and be referenced by
http-proxy must contain item
oob-auth-srv that references a section
Information about user membership in groups is also passed
to http-proxy by ooba-samba.
oob-auth.method.ldap is set,
http-proxy looks for group membership information in
an LDAP database.
It is recommended to use SSL/TLS for communication between ooba-samba and the OOB authentication server.
Script ooba-samba must be installed on the machine running the Samba server.
The script must be configured to run all the time Samba
is running. The best method is to start it from a
The script must be configured to send the user list to the
http-proxy acting as an OOB authentication server
The following lines must be added to
smb4.conf to a section defining a share, to which all
root preexec=kill -USR1 `cat
pidfile` root postexec=kill -USR1 `cat
is a file that contains ooba-samba process id, as set
-p of ooba-samba.
Samba documentation at http://www.samba.org