Sascha Siekmann
2006-Oct-26 19:56 UTC
[Samba] NT coexistence scenario with kerberized SAMBA and MIT single-signon
Hello, thanks for taking the time to read this.

I am doing a proof of concept in the following context. I have an NT 4.0 domain and, because I don't want AD, I am moving towards an MIT Kerberos managed domain, which still gives me SSO and, through kerberized SAMBA, file sharing.

What I have set up so far: XP workstations SSO into the MIT Kerberos domain, I can access shares on the Samba server without being prompted for username / password, and I can also mount shares from the NT domain into my Samba server, which then shares them with my MIT domain clients. This is all working fine.

The question I have is: does anyone see any obvious problems with the last statement? So what I am doing here is basically smbmount the remote NT server's share (e.g. //ntsrv/docs) into /mnt/smb/docs and then put this into smb.conf. I am doing this because I am running in security=domain mode and not security = ads, as I understand this applies specifically to Active Directory. Plus, when I tried that I was never able to join the domain against my MIT Kerberos domain.

I use

    [kerberos]
    comment = Insert a comment here
    path = /mnt/smb/docs
    valid users = @demo
    public = yes
    writable = yes
    printable = no
    create mask = 0765

This gives me exactly what I want in terms of SSO, but the question is: is this sane, and is it going to scale for, say, a couple hundred users?

Thanks for any insights,
Sascha.
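Added example, not part of the original post and not Samba project code: a short Python review of the share definition above that reports guest access, the decoded create mask, and whether the share path sits on a network mount. The `MOUNTS` line is constructed from the paths named in the post, and the function names are illustrative.

```python
import configparser
NETWORK_FS = {"smbfs", "cifs"}  # filesystem types of smbmount / mount.cifs mounts
# Constructed sample: the share from the post plus a mounts line for its smbmount.
SMB_CONF = """
[kerberos]
comment = Insert a comment here
path = /mnt/smb/docs
valid users = @demo
public = yes
writable = yes
printable = no
create mask = 0765
"""
MOUNTS = "/dev/sda1 / ext3 rw 0 0\n//ntsrv/docs /mnt/smb/docs smbfs rw 0 0\n"

def decode_mask(octal_text):
    """Render an octal mode such as '0765' as 'rwxrw-r-x'."""
    mode = int(octal_text, 8)
    return "".join(c if mode & (1 << (8 - i)) else "-" for i, c in enumerate("rwxrwxrwx"))

def backing_mount(path, mounts_text):
    """Return (source, fstype) of the longest mount point that contains path."""
    best = ("", "", "")
    for line in mounts_text.splitlines():
        source, point, fstype = (line.split() + ["", "", ""])[:3]
        inside = point and (path == point or path.startswith(point.rstrip("/") + "/"))
        if inside and len(point) > len(best[1]):
            best = (source, point, fstype)
    return best[0], best[2]

def review_share(conf_text, mounts_text):
    """Return {share: [findings]} covering guest access, create mask and re-exports."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for share in cp.sections():
        opts, notes = cp[share], []
        guest = opts.get("guest ok", opts.get("public", "no"))  # 'public' is a synonym
        if guest.lower() in ("yes", "true", "1"):
            notes.append("guest ok is enabled together with valid users = %s" % opts.get("valid users", "(unset)"))
        if "create mask" in opts:
            notes.append("create mask %s = %s" % (opts["create mask"], decode_mask(opts["create mask"])))
        source, fstype = backing_mount(opts.get("path", ""), mounts_text)
        if fstype in NETWORK_FS:
            notes.append("path re-exports %s (%s, authenticated once at mount time)" % (source, fstype))
        report[share] = notes
    return report

if __name__ == "__main__":
    print(review_share(SMB_CONF, MOUNTS))
```

On a live server, pass the contents of /proc/mounts as `mounts_text` and the real smb.conf as `conf_text`.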