I am trying to find a good how-to on setting up samba to use Windows 2003 for authentication, if anyone knows of a good link let me know. I am using RedHat ES 3 and our Windows is running in native mode with NT style authentication allowed. I cant use ADS and Kerberos because the current version of Kerberos on my RH server is 1.2.7 and from what I have read I need 1.3+ in order for it to work that way. I just cant upgrade right now so I am trying to find a way to get this to work somehow. Any advice would GREATLY appreciated. Thanks Vince
> ...our Windows is running in native mode... > I cant use ADS and Kerberos because the current version of > Kerberos on my RH server is 1.2.7 and from what I have read > I need 1.3+ in order for it to work that way.Why don't you just upgrade Kerberos - install the new version in an alternate location and preserve the existing system one? You can't use samba then, as a Domain Member. Maybe you could configure Samba to use your domain as its workgroup & allow all SMB traffic or something like that, if you don't mind a free-for-all with no security whatsoever. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com
Did you do that or has anyone accomplished reinstalling a new version of Kerberos and getting it to work with 2003 AD? Vince -----Original Message----- From: Covington, Chris [mailto:ccovington@plusone.com] Sent: Friday, May 20, 2005 9:46 AM To: Esquivel, Vicente; samba@lists.samba.org Subject: Re: [Samba] Samba and Window 2003> ...our Windows is running in native mode... > I cant use ADS and Kerberos because the current version of Kerberos on > my RH server is 1.2.7 and from what I have read I need 1.3+ in order > for it to work that way.Why don't you just upgrade Kerberos - install the new version in an alternate location and preserve the existing system one? You can't use samba then, as a Domain Member. Maybe you could configure Samba to use your domain as its workgroup & allow all SMB traffic or something like that, if you don't mind a free-for-all with no security whatsoever. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com
> Did you do that or has anyone accomplished reinstalling a > new version of KerberosYes I've done that back when I used to use Red Hat. Download the MITKRB5 source and install it in a different directory from the RH one. Read the readme files in the MITKRB5 source tarball to learn how to do this. Then when compiling samba, point it to the alternate MITKRB5 location when you compile it. Read the readme files in the samba source tarball to learn how to do this. Then follow this document http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member .html to get samba working with ADS. Make sure you read the end of this page for a Windows 2003 configuration option. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com
If you have all the latest krb5 & samba rpm updates installed, it should
work as is. RedHat backports quite a bit of code. RH's current krb5 1.2.7
has stuff from 1.3 already patched in , for example.
This is speaking from experience with Whitebox Linux3 ( a RHES3 clone )
using stock rpms and connecting to AD 2003.
-----------------------------------------------------
toby bluhm
philips medical systems, cleveland ohio
tobias.bluhm@philips.com
440-483-5323
"Esquivel, Vicente" <Esquivelv@uhd.edu>
Sent by:
samba-bounces+tobias.bluhm=philips.com@lists.samba.org
05/20/2005 10:35 AM
To: samba@lists.samba.org
cc: (bcc: Tobias Bluhm/CLE/MS/PHILIPS)
Subject: [Samba] Samba and Window 2003
Classification:
I am trying to find a good how-to on setting up samba to use Windows 2003
for authentication, if anyone knows of a good link let me know. I am
using
RedHat ES 3 and our Windows is running in native mode with NT style
authentication allowed. I cant use ADS and Kerberos because the current
version of Kerberos on my RH server is 1.2.7 and from what I have read I
need 1.3+ in order for it to work that way. I just cant upgrade right now
so I am trying to find a way to get this to work somehow. Any advice
would
GREATLY appreciated.
Thanks
Vince
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
> Yes I've done that back when I used to use Red Hat.ps - even better yet, to avoid the "I don't want to upgrade the system packages" problem, go to www.gentoo.org, download and install Gentoo. Then add +kerberos +ldap +ssl and +winbind to your /etc/make.conf. Then type 'emerge samba' and follow the instructions at http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member .html When a new version of samba, openldap, kerberos, etc. comes out, just do an emerge -vDu world and you'll always be up to date. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com
Hi, I'm also interesting it this matter but the link below about domain member doesn't work, it show me "the page can not be found". Thanks. -----Original Message----- From: Covington, Chris [mailto:ccovington@plusone.com] Sent: venerd? 20 maggio 2005 18.56 To: Esquivel, Vicente; samba@lists.samba.org Subject: Re: [Samba] Samba and Window 2003> Yes I've done that back when I used to use Red Hat.ps - even better yet, to avoid the "I don't want to upgrade the system packages" problem, go to www.gentoo.org, download and install Gentoo. Then add +kerberos +ldap +ssl and +winbind to your /etc/make.conf. Then type 'emerge samba' and follow the instructions at http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member .html When a new version of samba, openldap, kerberos, etc. comes out, just do an emerge -vDu world and you'll always be up to date. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba