similar to: Samba, Kerberos and LDAP Question

Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase

So like at least a handful of people before me I have begun the valiant stugle to unify logins at my place of business. I have setup a test LDAP + Kerberos V cluster. And I have Setup a test Samba 3 PDC. What I would like to do is get Samba to handle kerberos ticket granting and authentication to the (LDAP + Kerberos V) Directory. Such that Windows is completely unaware of the existence of

Hello. I'm trying to implement a single-sign-on system with MIT-Kerberos and OpenLDAP. These two are currently working pretty well, but now I'm trying to add samba to this system. I've found a lot of tutorials about samba PDC with LDAP backend, but this is of course not quite what I want. My passwords are stored in the kerberos database and userdata is stored in LDAP. Is there a way to

On 14/04/2023 17:48, Daniel Lakeland via samba wrote: > On 4/14/23 09:16, Rowland Penny via samba wrote: >> >> >> This intrigued me, so I went and tried this and you need three computers: >> >> A samba AD DC (perhaps a computer just running a KDC, but I didn't try >> this) >> A Samba Unix domain member running as a fileserver >> A Samba

Hi! Perhaps this is not the appropiate list, but I need some advices. I have a working Samba PDC with a LDAP backend over a secure TLS connection, with W2000 and XP clients. I've readed in a lot of places that Kerberos is a very nice thing to have in the setup but I cannot see why. I know the foundations of kerberos but I can't see how much "value" will add to the setup.

On 14/04/2023 17:02, Daniel Lakeland via samba wrote: > On 4/14/23 02:47, Christian Naumer via samba wrote: >> We are only talking about joining your server to your REALM not the >> clients. >> >> It is possible to do this. See this example for FreeIPA: >> >>

I'm a little confused on one section here... Where are your passwords being stored? kerberos? If so, how does samba look there? What is the significance of the {SASL}USER at REALM in LDAP? Is there another password store that you are syncing with krb? Sorry for my ignorance here but after hours and hours of trying different things, I'm unable to use my kerberos backend with samba.

We use pGINA (www.pgina.org) to authenticate windows user logins via ldaps:// against the university directory. Don't know if that will fit your model, but it works for us. ---------------------------------------------- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 "Don't Blend in..."

Hi all, First, sorry for posting this mail in a Samba-list, I first posted it to ldap@umich.edu which should be a general LDAP discussion list and also to OpenLDAP mailinglist. So far I didn't got a single reply in any of those lists but that's probably because this issue is much more AD-related than plain LDAP. And we know that beside MS the Samba developers know most about AD :-) So

Hi, I built an apache config which combines Kerberos-Authentication and LDAP-Authorization to allow SSO and require ldap-group at the same time. I think this might be interesting to add to [1], but before that, I would like to have it double-checked, to be sure that it adds no security issues. The steps to create the keytab file, etc are from the other two guides, except that the user

Ok after installing libpam-winbind etc I had someone try to connect from a MacOS and they got: [2023/04/13 15:50:50.002773,? 1] ../../source3/auth/auth_generic.c:211(auth3_generate_session_info_pac) ? auth3_generate_session_info_pac: Unexpected PAC for [testuser at OURREALM.REALM] in standalone mode - NT_STATUS_BAD_TOKEN_TYPE [2023/04/13 15:50:50.002891,? 3]

So I have this centos 5.10 box which authenticates network users against ldap(authorizing)+kerberos(authentication). And I now would like to have sudo be able to allow admins (netgroup chinbeards) to sudo about. I am not using sssd though (yet). Here is the output of me trying sudo (debug on): [raub at centos5-x64 ~]$ sudo pwd LDAP Config Summary =================== uri

Hi, Back to a while ago, someone mentioned about taking pGINA code to samba, so samba can work against LDAP authentication, but instead of using the sambaNTPassword and sambaLMPassword, this way samba can use the userPassword field directly. This sounds very promissing because we can then just use one set of passwords. It may be not usable in a domain enviroment where machine accounts and other

Hi. I am tinkering with PADL and Kerberos PAM, so that I can have account authentication and directory directly to AD KDC/LDAP. I always thought that windbind provided support for NT-style PDC for authentication and referencing account-directory, and thus only work in AD mixed-mode where PDC emulator is used for backwards compatibility. However, I was reading a book that seemed to indicate that

From: "Bryan J. Smith <b.j.smith at ieee.org>" > So? I've been authenticating Samba against NIS servers since > the mid-'90s ... > You can even use pGINA to replace your NT/200x/XP login to > authenticate against other servers ... > If you are the former, you _can_ switch _away_ from CIFS altogether! > Samba will _never_ reverse engineer all of

On 4/14/23 02:47, Christian Naumer via samba wrote: > We are only talking about joining your server to your REALM not the > clients. > > It is possible to do this. See this example for FreeIPA: > > https://freeipa.readthedocs.io/en/latest/designs/adtrust/samba-domain-member.html#domain-member-configuration-overview > > > But as you can see it is more complicated that

Hello, We're starting to use FreeIPA in house (which is awesome btw) which means that Kerberos and TLS client certificate authentication is suddenly quite easy. Im looking for a list of common Linux services with data on how one can Authenticate/Authorise for these services. * httpd support TLS client certificate authentication and Kerberos * rabbitmq supports TLS client certificate

Hi all, I'm under the gun to rid ourselves of the nt4 PDC which we currently use. options are A/D, samba, pgina. I really dig pgina, but dont think I can pass citrix credentials properly :( So I'm left with samba vs A/D. A/D is well,, ummmmm A/D, so tyring to avoid it. Currently have used Samba file servers for years. Have played with Samba PDC with2.2 Now, going to try

I am trying to figure out if I can setup samba to verify only passwords against LDAP and keep everything else local. Anyone know how to set this up?

On Mon, 1 Dec 2014, Gaiseric Vandal wrote: > On 12/01/14 11:17, Tiit Kaeeli wrote: >>> Is it possible for windows clients to authenticate against kerberos and >>> receive tickets from a Samba3 PDC, when kerberos server is MIT kerberos >>> running on a Linux server, not a Windows AD server? >>> >>> https://help.ubuntu.com/community/Samba/Kerberos