AFS with Samba PDC

Johan Hedin johanh at
Thu Sep 16 12:32:47 GMT 1999

We resently upgraded from NFS to AFS at our site. We have used Kerberos 4
(KTH-KRB) for a while now. For the Win95 clients, it's not a problem. Its
relatively easy to patch the clear text password Kerberos 4 support in
Samba to include AFS support as well. If no one done this, I will try to
get time to test and submit a patch doing this. However, to make the Samba
PDC AFS aware it's much more tricky. Has anyone done this? If not I have
two suggestion

1. Store the users Kerberos passwords as srvtabs on the local disk of the
   Samba PDC, and then obtain a ticket after the NT password validation is

2. Run the Samba PDC with an common AFS ticket on the local Samba machine,
   turn off wide links and tell the intereseted users to set the ACL such
   that Samba can read and write on their directories. In this scheme
   users must be prevented from mounting each other's volumes in their


The second issue is with the ticket lifetime. After the ticket has
expired, Samba should die forcing the NT machine to open a new connection
with a new ticket. This is not a problem for NT choosing the first scheme
above, but will be for the clear text password version.


Johan Hedin

| Johan Hedin                      | johanh at             |
| Ph.D. Student and System Manager | |

More information about the samba-ntdom mailing list