samba - Oct 2004 - "security = user" security setting

Using Samba 3.x, we are looking at the "security" setting.  We want to
get "security = user" to work, preferably with user authentication
independent from local /etc/passwd & shadow.  But we don't want to use
Samba-based authentication due to administrative overhead.

Ideally, we want to tie in with a Windows Active Directory domain
through Kerberos 5 so people can use their AD username & password
(instead of maintaining it separately) and to avoid having to create
many users locally (in /etc/passwd or Samba-based user list) to reduce
administrative overhead.  Any ideas?

Thanks,

-- 
-Brian
bsimper@gmail.com
simper@qwest.net

samba-bounces+alaslavic=havertys.com@lists.samba.org wrote on 10/06/2004
01:20:30 PM:
> Using Samba 3.x, we are looking at the "security" setting.  We
want to
> get "security = user" to work, preferably with user
authentication
> independent from local /etc/passwd & shadow.  But we don't want to
use
> Samba-based authentication due to administrative overhead.
>
> Ideally, we want to tie in with a Windows Active Directory domain
> through Kerberos 5 so people can use their AD username & password
> (instead of maintaining it separately) and to avoid having to create
> many users locally (in /etc/passwd or Samba-based user list) to reduce
> administrative overhead.  Any ideas?
>
> Thanks,
>
> --
> -Brian
> bsimper@gmail.com
> simper@qwest.net
> --
I would think what you wanted to use is "security = ADS", and then use
samba and winbind to authenticate against your AD domain.  This security
setting would not require you to to any additional user management, because
people could log in to samba using their AD account and password.  There is
plenty of decent documentation on setting up Samba and Winbind.  Google
should be a good start.

~alex



> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba