david.touster@acecomm.com
2001-Jan-10 20:17 UTC
2.2 support pass though authencation to Win2K AD?
3rd posting, PLEASE HELP My assumption: I require Samba to pass though authencation to Windows 2000 Activer Directory using LDAP and Kerberos. (Samba will not be asked to store or update user passwords, etc. and Samba will NOT replace or try to be the Active Directory Domain Controller server) Will the current samba-2.2.0-alpha1 support the following environment: (If not which version will? Approximately, when will it be available?) Environment: 1. Windows 2000 Active Directory (AD) in "Native Mode" will be the authoritative source for all user authentications (UNIX and Windows), permissions, etc. 2. UNIX: Solaris 8 with it's built in LDAP and Kerberos support configured to talk to AD (I'm still working on this) 3. Need to just share a few directories that reside on the UNIX server to the Windows 2000 workstations and would like to be able to print from UNIX to a Windows 2000 system running as a print server (print server could be a Win2K server and/or workstation) Follow-up questions: A. Does the Samba's PAM support for Kerberos work? In 2.0.7 as well? B. In case accessing directly to the Windows 2000 AD running in "Native Mode" based on the environment above is currently not a possibility, can PAM support be used for going through the local UNIX server that Samba (local LDAP and/or Kerberos) is running on? C. Can I turn off LAN Manager authencation/Protocol in Windows 2000 and go through (if I can) the local Solaris 8 LDAP & Kerberos for authentication as well servicing the file and print requests? (All windows systems will be Windows 2000 - no 9x, ME, or NT will be used) Thanks, David
david.touster@acecomm.com wrote:> > 3rd posting, PLEASE HELP > > My assumption: I require Samba to pass though > authencation to Windows 2000 Activer Directory using > LDAP and Kerberos. (Samba will not be asked to > store or update user passwords, etc. and Samba will > NOT replace or try to be the Active Directory > Domain Controller server) > > Will the current samba-2.2.0-alpha1 support the > following environment: (If not which version > will? Approximately, when will it be available?) > > Environment: > 1. Windows 2000 Active Directory (AD) in "Native > Mode" will be the authoritative source for > all user authentications (UNIX and Windows), permissions, etc.Down the road. Native mode client support will definitely not be in 2.2.> 2. UNIX: Solaris 8 with it's built in LDAP and > Kerberos support configured to talk to AD (I'm still > working on this)I'm not sure I can comment on this. I know what you are thinking, but I don't quite think it will do what you expect.> 3. Need to just share a few directories that reside > on the UNIX server to the Windows 2000 workstations and > would like to be able to print from UNIX to a > Windows 2000 system running as a print server (print > server could be a Win2K server and/or workstation)You options would seem to be a standalone Samba server allow some guest printing access. I'll let you work out the file access. Or a Win2k mixed mode domain controller and Samba as a domain member.> Follow-up questions: > A. Does the Samba's PAM support for Kerberos work? > In 2.0.7 as well?PAM support for Kerberos? Samba has some Kerberos support although I'm now sure how well it works. As well as support for PAM authentication (requires plain text logons from clients). If you want to use a kerberos PAM module, that should work fine, but is external to Samba.> B. In case accessing directly to the Windows 2000 AD > running in "Native Mode" based on the environment > above is currently not a possibility, can PAM support be > used for going through the local UNIX server that Samba > (local LDAP and/or Kerberos) is running on?See above comments about PAM.> C. Can I turn off LAN Manager authencation/Protocol > in Windows 2000 and go through (if I can) the local Solaris 8 > LDAP & Kerberos for authentication as well servicing the > file and print requests? (All windows systems will > be Windows 2000 - no 9x, ME, or NT will be used)NT/2000 clients will use ntlmv1 to talk to Samba. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )
david.touster@acecomm.com
2001-Jan-11 14:27 UTC
2.2 support pass though authencation to Win2K AD?
Jerry, Thanks for your response,
For clarity, I should have stated that the Samba server will be a member of
the Windows 2000 AD domain.
Based on this, please clarify your comment: "Down the road. Native mode
client support will definitely
not be in 2.2."
Does anyone have experience using Samba with the Kerberos PAM? How about
it with Solaris 8's LDAP?
Thanks,
David
Gerald Carter
<gcarter@vali To: david.touster@acecomm.com
nux.com> cc: samba@us5.samba.org
Sent by: Subject: Re: 2.2 support pass
though authencation to Win2K AD?
gcarter@aceco
mm.com
01/10/2001
11:30 PM
david.touster@acecomm.com wrote:>
> 3rd posting, PLEASE HELP
>
> My assumption: I require Samba to pass though
> authencation to Windows 2000 Activer Directory using
> LDAP and Kerberos. (Samba will not be asked to
> store or update user passwords, etc. and Samba will
> NOT replace or try to be the Active Directory
> Domain Controller server)
>
> Will the current samba-2.2.0-alpha1 support the
> following environment: (If not which version
> will? Approximately, when will it be available?)
>
> Environment:
> 1. Windows 2000 Active Directory (AD) in "Native
> Mode" will be the authoritative source for
> all user authentications (UNIX and Windows), permissions, etc.
Down the road. Native mode client support will definitely
not be in 2.2.
> 2. UNIX: Solaris 8 with it's built in LDAP and
> Kerberos support configured to talk to AD (I'm still
> working on this)
I'm not sure I can comment on this. I know what you
are thinking, but I don't quite think it will do what
you expect.
> 3. Need to just share a few directories that reside
> on the UNIX server to the Windows 2000 workstations and
> would like to be able to print from UNIX to a
> Windows 2000 system running as a print server (print
> server could be a Win2K server and/or workstation)
You options would seem to be a standalone Samba server
allow some guest printing access. I'll let you work out the
file access.
Or a Win2k mixed mode domain controller and Samba as
a domain member.
> Follow-up questions:
> A. Does the Samba's PAM support for Kerberos work?
> In 2.0.7 as well?
PAM support for Kerberos? Samba has some Kerberos support
although I'm now sure how well it works. As well as
support for PAM authentication (requires plain text logons
from clients).
If you want to use a kerberos PAM module, that should
work fine, but is external to Samba.
> B. In case accessing directly to the Windows 2000 AD
> running in "Native Mode" based on the environment
> above is currently not a possibility, can PAM support be
> used for going through the local UNIX server that Samba
> (local LDAP and/or Kerberos) is running on?
See above comments about PAM.
> C. Can I turn off LAN Manager authencation/Protocol
> in Windows 2000 and go through (if I can) the local Solaris 8
> LDAP & Kerberos for authentication as well servicing the
> file and print requests? (All windows systems will
> be Windows 2000 - no 9x, ME, or NT will be used)
NT/2000 clients will use ntlmv1 to talk to Samba.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com
http://www.samba.org/ SAMBA Team jerry@samba.org
http://www.plainjoe.org/ jerry@plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )