Hi

I want to use Samba and MIT Kerberos (*not* Win2k kdc), but I have no idea how to get it working.

The only references I can find in the samba (3.0) documentation to Kerberos always deal with an ADS domain -- which I do not have, just a plain Kerberos realm.

Is this possible at all?

--
Helge Bahmann <bahmann@math.tu-freiberg.de>
The past: Smart users in front of dumb terminals
$ ./configure
checking whether build environment is sane... yes
checking for AIX... no (we already did this)

Since Kerberos is a password storage only, and you are going to need other things, such as user uid/rid, homedir, etc., I recommend to go for Samba+LDAP (look for Samba PDC HOWTO on google).

Then you can set up OpenLDAP to utilize Kerberos as a password backend. See http://www.bayour.com/LDAPv3-HOWTO.html for details.

> Since Kerberos is a password storage only, and you are going to need
> other things, such as user uid/rid, homedir, etc., I recommend to go for
> Samba+LDAP (look for Samba PDC HOWTO on google).

Yes, sure; what I currently have:

- Kerberos as authentication service for Unix clients; Win2k clients "sort of" working as well
- LDAP as directory service, basically just as a NIS replacement; of course I can add required fields to the user objects for Samba
- NFS to serve files for Unix clients

What I would like to have is to use Samba to serve files to the Windows client, but have the Windows clients use Kerberos to authenticate against the Samba server using the Kerberos tickets obtained during login (instead of something smbpasswd-like, be it stored as a flat file or kept in LDAP).

> Then you can set up
> OpenLDAP to utilize Kerberos as a password backend. See
> http://www.bayour.com/LDAPv3-HOWTO.html for details.

Sure, but as far as I understand this only covers Kerberos-authenticated access to the LDAP server (which I am interested in as well, but not at the moment); it does not explain what I need to do to make Samba accept the Win2k Kerberos tickets.

Please correct me if I am wrong or unclear, I am not sure there may be something fundamentally wrong in my understanding of the interaction of the pieces.

Regards
--
Helge Bahmann <bahmann@math.tu-freiberg.de>