> I'm still looking for a possible integration of MIT K5 and AFS through
> the windows login, so I will ask you a question.
> A first consideration is that afs+k5 works fine but we have to create a
> local account with a fake password. The profile will be on the local
> disk. We can gain tickets and the token necessary to access \\AFS. The
> problem is: how to avoid a local account?
You can't. You'd need Samba to be able to perform a domain account login
(using the Kerberos SAM) and then acquire a ticket on the client's behalf.
You can't do this (yet).
> What about samba? I don't know, but maybe some of you can help me with
> this solution. Samba can be a gateway being a windows domain.
Sort of, but it can't do things a PDC can't do - like Kerberos. Samba is an
NT4 domain controller not an ADS.
> we set windows to look for a remote profile instead of the local one, so
> that we mimic what we do on afs, k5 and setting login on a mit kdc?
> But... how to do this?
You can dig out what information exists on "lorikeet", but it is not (yet) a
real/complete solution.