Jaime Magiera
2006-Sep-25 20:57 UTC
[Samba] hello and question on Mac OS X Server use of Samba
Hi, I'm new to the list (and samba). It's a great technology and I look forward to learning more about it. I have an OS X Server that utilizes the built-in Samba to allow for Windows client connectivity. The OSXS gets the majority of its users from an LDAP server elsewhere on the campus. On OSXS, it's expected that the Windows users will be local or that the server will be a KDC or that the server will be bound to an AD. Regrettably, my server is not bound not an AD, nor is it a Kerberos KDC for the University and the users are not local but from the campus-wide LDAP server. The only option I can think of for Windows clients to use Samba is to re-kerberize the Samba service itself to the University KDC. I can get the keytabs. However, I've been told by folks on other lists that there on some tweaks on OSXS that make Samba configuration a little different. Does anyone here have experience (re)kerberizing Samba on an OSX Server? Or any suggestions how I could solve this conundrum I'm in? Or, if I'm misunderstanding something about how Samba works? any help greatly appreciated, Jaime
James Peach
2006-Sep-27 16:04 UTC
[Samba] hello and question on Mac OS X Server use of Samba
On 25/09/06, Jaime Magiera <jaime@sensoryresearch.net> wrote:> Hi, > > I'm new to the list (and samba). It's a great technology and I look > forward to learning more about it. > > I have an OS X Server that utilizes the built-in Samba to allow for > Windows client connectivity. The OSXS gets the majority of its users > from an LDAP server elsewhere on the campus. > > On OSXS, it's expected that the Windows users will be local or that > the server will be a KDC or that the server will be bound to an AD. > Regrettably, my server is not bound not an AD, nor is it a Kerberos > KDC for the University and the users are not local but from the > campus-wide LDAP server. > > The only option I can think of for Windows clients to use Samba is to > re-kerberize the Samba service itself to the University KDC. I can > get the keytabs. However, I've been told by folks on other lists that > there on some tweaks on OSXS that make Samba configuration a little > different.You can definitely configure Samba to talk to the campus-wide LDAP server to resolve user names. Check the official howto and the "by example" books on samba.org.> Does anyone here have experience (re)kerberizing Samba on an OSX > Server? Or any suggestions how I could solve this conundrum I'm in? > Or, if I'm misunderstanding something about how Samba works?AFAIK, windows clients will only do Kerberos authentication to AD member servers. -- James Peach | jorgar@gmail.com