Hi!

How do I configure smb.conf and/or PAM as a single sign on server if I have a
LDAP server with a Kerberos as password backend through gssapi?
I only see either Samba/ldap as PDC or Samba/kerberos with ads on the Internet.
Not both at the same time?
I've already configured samba with LDAP and Kerberos support. Everything seems
to work. I also configured Samba with ads and PAM support if needed?

Peter Nyberg
Institutionen för Biokemi och Biofysik
Arrheniusvägen 12
Tel: 08-16 24 69
Mobil: 070 339 24 69
Fax 153679

Peter Nyberg wrote:
| Hi!
| How do I configure smb.conf and/or PAM as a single sign on server if I have a
| LDAP server with a Kerberos as password backend through gssapi?
| I only see either Samba/ldap as PDC or Samba/kerberos with ads on the Internet.
| Not both at the same time?
| I've already configured samba with LDAP and Kerberos support. Everything seems
| to work. I also configured Samba with ads and PAM support if needed?
|

Unfortunately not yet. Windows clients need an MSPAC in their Kerberos
tickets, and as usual with M$ "inventions" they keep that a trade secret,
so currently only AD Kerberos servers can do that.

However you can have a Heimdal Kerberos server (current snapshots) with
LDAP backend authenticate your UNIX users against NT password hashes.
For more info you can search the Heimdal or the Samba-technical mailing lists.

Cheers
Geza

Hi Mike,

hope I understand everything right,

> Question: What type of problem is this? and how serious?

It is a Windows network problem and/or a collision between two PDCs.

> Question: Ok, how do I correct it?

There are some possible solutions for your problem:

a: If there is already a PDC (W2K/NT), then change the domain on the Samba PDC, and create an interdomain trust relationship on both sides.
b: Change the Samba config so that it is a domain member server.

>Binding to the public interface only (via
>bind interfaces, and bind interfaces only). The
>examination of the log for NMBD indicates proper registration
>of the Samba PDC as a Domain Master Browser as well
>as Local Master browser on the segment.
>
>However, adding the private backend interface to the
>samba PDC interfaces statement, the NMBD logs are different.
>Access to the WINS server is indicated as timing out.
>Further, the PDC is unable to register itself as the
>Domain Master Browser, but it does register itself as
>the Local Master Browser.
>
>The private network is on eth0 and the public on eth3.
>
>The bind interfaces statement states the interfaces
>in the following order eth3 then eth0.

with kind regards
Arno Seidel

The samba PDC is the only PDC for the given domain.

Maybe a picture:

    system A <----private network----> system B <-----> ... system N
       |      (possibly other system)     |                    |
       |                                  |                    |
       |                                  |                    |
       |                                  |                    |
    public network                        |                    |
       V                                  V                    V
                  WINS server on public network

Both system A and system B are in the same domain. Only A is the
Samba PDC.

So the question is: when I do not mention the private interface in the
interfaces statement, things work OK. However, when I activate
the private interface on the PDC, it times out requests to the WINS
server, does not apparently become the domain master browser because
of this. However access seems to work just fine otherwise from what
I can see.

Why does adding the private network to the samba configuration cause
this type of problem?

Mike

-----Original Message-----
From: samba-bounces+parkerm=ga.com@lists.samba.org
[mailto:samba-bounces+parkerm=ga.com@lists.samba.org]On Behalf Of Arno Seidel
Sent: Wednesday, April 07, 2004 9:48 AM
To: samba@lists.samba.org
Subject: AW: [Samba] Multi-homed Samba PDC problem

Hi Mike,

hope I understand everything right,

> Question: What type of problem is this? and how serious?

It is a Windows network problem and/or a collision between two PDCs.

> Question: Ok, how do I correct it?

There are some possible solutions for your problem:

a: If there is already a PDC (W2K/NT), then change the domain on the Samba PDC, and create an interdomain trust relationship on both sides.
b: Change the Samba config so that it is a domain member server.

>Binding to the public interface only (via
>bind interfaces, and bind interfaces only). The
>examination of the log for NMBD indicates proper registration
>of the Samba PDC as a Domain Master Browser as well
>as Local Master browser on the segment.
>
>However, adding the private backend interface to the
>samba PDC interfaces statement, the NMBD logs are different.
>Access to the WINS server is indicated as timing out.
>Further, the PDC is unable to register itself as the
>Domain Master Browser, but it does register itself as
>the Local Master Browser.
>
>The private network is on eth0 and the public on eth3.
>
>The bind interfaces statement states the interfaces
>in the following order eth3 then eth0.

with kind regards
Arno Seidel