[Samba] Samba 3 in MIT Kerberos Realm

John H Terpstra jht at samba.org
Wed Oct 22 06:22:59 GMT 2003


On Wed, 22 Oct 2003, Aaron Rosenblum wrote:

> I would be willing to write up docs on this and send them to the
> community, should I get it working (with your help)...

Please send me your notes in any form convenient to you. I can convert
them to XML and will include them in the HOWTO.

Thanks for offering to help.

- John T.

>
> aaron
>
> On Oct 21, 2003, at 8:07 PM, Aaron Rosenblum wrote:
>
> > Hi,
> >
> > 	I have been reading through the docs for Samba 3, and there is a lot
> > of talk about how Samba 3 can function in an AD domain as a member
> > server and accept Kerberos service tickets issued by an MS KDC.  (net
> > ads join, etc...)
> > 	I have a slightly different twist on a similar situation.  I have an
> > MIT Kerberos realm set up and my Windows 2000 PCs get tickets from this
> > realm on login just fine.  I would like to set up a Samba server as
> > purely a fileserver, and I want my PC clients to be able to mount
> > Samba shares using Kerberos service tickets issued by my MIT KDC.  I
> > know many more people are probably using AD as their KDC, but we want
> > to decrease our reliance on AD.  (That is the idea, isn't it? :-) )
> > It seems like this should work. Is this possible?  If so, how do I
> > configure the Samba server?  What do I tell my Kerberos admin to put
> > in the keytab for Samba?  i.e. smbserver/my.host.com@my.realm.com ???
> >
> > As an addition, I am fine with managing my users locally on this Samba
> > server (as opposed to binding to an LDAP server). Our KDC has a large
> > number of users in it, and I only want to give access to a very small
> > subset of these users.  I just want these users to be able to present
> > a service ticket from our MIT realm as authentication instead of being
> > prompted for a password.
> >
> > Any input would be greatly appreciated.
> >
> > Thanks
> >
> > Aaron
> >

-- 
John H Terpstra
Email: jht at samba.org


