AFS versus Samba

Tom Hibbert tom at nsp.co.nz
Tue Oct 21 20:51:22 GMT 2003


Hi all,

I am running an AFS tree with MIT kerberos 5 and an LDAP backend. Samba 3.0
also has an LDAP backend.
I am having problems providing a Samba interface to the AFS tree - Samba
sessions do not get an AFS ticket. It works if I ssh into the Samba server
and restart Samba because my user has a ticket and this is passed to the
Samba process.

I understand that the --fake-kaserver option requires the use of kaserver
which implies kerberos 4 authentication, so that is not an option. And I
cannot use plaintext AFS authentication because my clients are using crypted
passwords and I have no desire to put them on plaintext. What I am hoping to
do is make Samba acquire tickets via PAM (auth pam_openafs_session.so
set_token) but this is also not working. From what I have read the PAM
functionality will not work in Samba 3.

There is very little documentation on AFS interoperability with Samba. I
would really like to make this work because then I can isolate my AFS
servers and put them on a separate network, with a single Samba gateway.

As I understand it when user foo connects to Samba a smbd owned by foo is
spawned. The smbd should have all the permissions of the user but in this
case does not receive an AFS ticket and is denied access to the AFS tree. I'm
not up with the internals of Samba so I don't know what process Samba uses to
become user foo, but it is important that the Samba session receive the same
ticket as if user foo had logged in locally.

Any help would be much appreciated

Tom






More information about the samba-technical mailing list