similar to: Samba PDC & Kerberos authentication

Hello all, I am doing some tests for an SSO for our Windows workstations using Kerberos without ADS. So far, Windows client can obtain the ticket from the Heimdal KDC and it's possible to login to SSH servers using Vintela Putty. I am now trying to use the Kerberos credentials to access Samba shares. I can mount the shares using my Kerberos tickets from a Linux and I see the service ticket

I am installing RH 7.2 on a machine to act as a Samba File and print server. During the install, there was an option for an SMB authentication server. I entered in the information for my Win2k ADC (running in mixed mode), but do not know what else is needed to finish this authentication process. RH support is less than helpful in this aspect. Thanks in advance for your helpful suggestions, and

>>* The local on *>>* site domain is a realm that has a list of usernames and samba *>>* accounts but authentication is off loaded onto an external realm and *>>* there is a one way trust relationship where the local samba server *>>* trusts the external realm -- all that is required is that there is a *>>* local username and username map on local samba server.

Which is the preferred method of handling service principals when the samba server is an ads member -- turning on "use kerberos keytab" in smb.conf, or the default secrets.tdb? Is there any particular reason I should use one over the other? Also, all I see in secrets.tdb is the the machine password while in krb5.keytab i see 100+ principals corresponding to various combinations of

Not tested, just brain farts ;-) Setup a member, Allow guest access. ( in global : guest ok = yes ) This allow local users to access the server ( not shares ) On the shares Deny "domain users" and/or authenticated users. Allow the local group for local users. Not tested but technicaly is could work. Which is almost the same as a standalone with and without user authentication.

Hi folks, I'm using Samba 3beta running on RH 8.0 and I'd like to authentificate against a Microsoft AD. This all works very well, except that not all AD User are mapped to my Unixbox! When starting getent passwd, my UnixBox shoiws just my User from passwd and some of the AD User - not all!! Looking through my User with the command wbinfo -u all AD user are shown correctly! Anybody

I'm trying to connect to a W2k server using Kerberos. Connecting with smbclient works fine. When using smbmount, I get the message kerberos support will only work for samba servers and the mount operation fails. What is the reason for this limitation? How can it be lifted? TIA, Martin

Does SAMBA 3.0 use the PAC information available within a Microsoft Kerberos ticket? Thanks. -dan -------------------------------------- Daniel Wachdorf drwachd@sandia.gov Sandia National Laboratories System Security Research and Integration 505-284-8060

Hello, i'm currently trying to find a way to integrate a openafs cell and samba (without plaintext passwords). this should all be possible with a windows kdc, giving out afs tickets and forward these tickets to the samba server. unfortuntely this is not an option here. is there a way to connect samba 3.x to a mit krb5 server ? Holger Brueckner net-labs Systemhaus GmbH

Hi, All!! I have a Windows XP client configured to use Kerberos authentication (with a MIT KDC). I configured it with ksetup.exe from Windows 2000 and it works well. Question is: can I use the kerberos tickets I got at logon time to access the shares from our samba server, without configuring a entire AD struct and soon? Actually, I can access the shares, but only if my kerberos password and

First I compiled kerberos 5-1.2.5. Ater that I configured samba: ./configure --with-smbwrapper --with-krb5 --with-automount --with-smbmount. So far all goes well. After that I 'make' in the samba/source dir. An error pops up, displayed below. Does anyone know of either a workaround or solution? I can't install samba now!! :( Mark -- This is the error: Linking bin/smbd

Hi all, I'm about to begin building a single-sign-on environment (hopefully). We just brought our first set of Windows-based PCs in, and would like to integrate them into our existing Linux/MacOS X environment. We are currently running MIT Kerberos, and would like to create a Samba PDC which authenticates against these KDCs. Another parallel project is to migrate to OpenLDAP. I

Does anyone know if the binaries provided by the Samba team are compiled with LDAP support? I've tried 2.2.8a and 3.0.0 for Debian, but both complain that the ldap parameters (like ldap server) for unknown. Rob

Hi, I have been playing with the latest alpha (samba-3.0alpha20) for a while now trying to get Kerberos and smbmount working together to access shares on a Windows 2000 Server SP3. As I understand it, without modifications to the code this should not work at all. I tried to make a few changes, namely setting c->use_kerberos=True and commenting out c->use_spnego=False. I also had to comment

Hi All, anyone else found that adding a Samba server to an AD domain appears to be incompatible with using an AD Kerberos realm to provide other Kerberised services such as NFS from the same UNIX host? Problem I have is that when you join an AD domain thorough Samba 3.x net command this creates a computer account in the AD to which the administrator does not know the account password. If you

Hi All, I am getting Kerberos "enc type" problem that I can't explain: [2005/06/11 11:41:29, 1, pid=29355] libads/kerberos_verify.c:ads_keytab_verify_ticket(61) ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (No such file or directory) [2005/06/11 11:41:29, 3, pid=29355] libads/kerberos_verify.c:ads_secrets_verify_ticket(193) ads_secrets_verify_ticket: enc type [16]

Hi, Andrew, Thank you very much for your answer. Now our case is as below: 1, our client machine is the windows 2000 2, We want our Kerberos run in the Unix box. 3, We also want the samba as PDC for all windows user and machine. 4, We want integrate the Kerberos Authentication with samba authentication. So in this situation, can we get the kerberos login from the windows

Hello- i have a difficult problem and need to solve it (hopefully) before next week when classes start over here. i looked around the lists and couldn't find anything similar to what we're doing. perhaps you can help. our plan in the school of engineering is to let users authenticate with their uci.edu accounts to our school systems on solaris and win2k. we're using pam_krb5 + nis

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, After a bit of research and sniffing about, I am curious as to what it would take to run Samba3 with kerberos (MIT or Hemidal) as the password backend http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-samba-servers.html Shows how you can use share mode ADS, with krb5 auth. Is it possible to use any KDC as the

Hi, I have been reading through the docs for Samba 3, and there is a lot of talk about how samba 3 can function in an AD domain as a member server and accept kerberos service tickets issued by an MS KDC. (net ads join, etc...) I have a slightly different twist on a similar situation. I have an MIT kerberos realm set up and my Windows2000 PCs get tickets from this realm on login just