I'm sorry if this is documented somewhere... I certainly couldn't find it though.

We are currently using the registry hack to allow unencrypted passwords from our NTsp3+ and 95 clients. We currently have 2 passwords, one considered secure (the Kerberos password - used for UNIX desktop logins and such) and one considered insecure (currently just used for POP and samba - we have no telnet or ftp or other similar services that send passwords in cleartext).

Anyway, I'd like to have a single password, the Kerberos one. I compiled Samba with K5 support and was able to connect to the server using a bogus K5 account. Then, I turned on 'encrypt password' on the Samba side and changed the registry setting back on the NT side. Now, the only way I can seem to connect is by using the password that would be in the smbpasswd file.

Is there some way to easily use the Kerberos passwords for the Samba password, but not have the password in cleartext?

Brian Smith
bsmith@scl.ameslab.gov

--
Brian Smith                        Phone: 515-294-7336
Systems Administrator,             Fax: 515-294-4491
Scalable Computing Lab/Ames Lab    bsmith@scl.ameslab.gov

Hi all,

I just set up OpenLDAP with CyrusSASL/Kerberos, which represents a central point of authorisation for Linux. This works great!

To have the same for the Windows clients, I want to use Samba in conjunction with the existing Kerberos. But how do I do that? I can configure a Windows client to use the Kerberos (with the tool ksetup), but if I do so, the user accounts must exist on the client. On the other side, if I join the client to the Samba domain, it doesn't use the Kerberos.

Is it possible to tell Samba that it should use Kerberos for password verification? I don't want to store up to three different passwords...

My software:
- Fedora Core 1
- Kernel 2.4.22
- OpenLDAP 2.1.22
- CyrusSASL 2.1.15
- MIT Kerberos V 1.3.1
- Samba 3.0.0 (recompiled package from Fedora for LDAP support)

Thanks for any help,
Martin