alex.nishri@utoronto.ca
2005-Aug-05 21:14 UTC
[Samba] samba with NTLM *and* kerberos authentication
We have an existing samba server with many userids, using NTLM authentication (stored in OpenLDAP). We would like to add many other userids, which will authenticate against an existing MIT kerberos server. Each of our customers will have either an NTLM-based userid/password, or a kerberos-based userid/password, but never both.

We would like both kinds of userids to work with the same samba server. e.g. in a PC lab, if a customer enters kerberosUserid@REALMNAME.EDU it should authenticate against our kerberos server, and allow access to that user's Samba space; if another customer enters NTLMUserid, it should authenticate using NTLM (stored in our OpenLDAP), and allow access to that user's Samba space.

Is this possible?

Alex Nishri
University of Toronto
Andrew Bartlett
2005-Aug-08 18:11 UTC
[Samba] samba with NTLM *and* kerberos authentication
On Fri, 2005-08-05 at 16:41 -0400, alex.nishri@utoronto.ca wrote:
> We have an existing samba server with many userids, using NTLM
> authentication (stored in OpenLDAP). We would like to add many other
> userids, which will authenticate against an existing MIT kerberos server.
> Each of our customers will have either an NTLM-based userid/password, or
> a kerberos-based userid/password, but never both.
>
> We would like both kinds of userids to work with the same samba server.
> e.g. in a PC lab, if a customer enters kerberosUserid@REALMNAME.EDU
> it should authenticate against our kerberos server, and allow access
> to that user's Samba space; if another customer enters NTLMUserid,
> it should authenticate using NTLM (stored in our OpenLDAP), and
> allow access to that user's Samba space.
>
> Is this possible?

This should be possible, if you set up samba into the kerberos realm with cifs/.... and host/.... entries. Put 'use kerberos keytab = yes' in your smb.conf, and it should sort of work. Have a play, see how you go.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net