Samba 4, LDAP and KRB
Andrew Bartlett
abartlet at samba.org
Mon Aug 29 12:21:33 GMT 2005
On Mon, 2005-08-29 at 11:03 +0200, Cédric CACHAT wrote:
> Hello,
>
> I was advised to subscribe to this mailing list so here is a copy of the
> message I sent to the general samba list to describe what I am trying to
> achieve:
> I want to set up a samba server to replace an Active Directory for my
> Windows workstations.
> So far, I have a LINUX network that works perfectly, all my users are
> stored in a LDAP server (openldap) and their authentication is done
> against a MIT Kerberos server. Hence all users have a valid kerberos
> ticket when they log onto a machine in the Network.
> I want to include my Windows machines to my linux network.
> From what I understood, Samba can fake an AD so Windows authentication
> at login is done against the Samba server.
> So here we go with the questions:
> - can Samba use my existing LDAP & Kerberos servers to authenticate
> users?
Not without modification. Even when we get good mapping modules in
place it's won't be a drop into existing infrastructure, as there is so
much more data to store. I hope we will be able to produce a compromise
modal which can 'bolt onto' an existing corporate LDAP server, but this
doesn't exist yet. In the short term, it is a replacement LDAP server.
Samba will provide it's own kerberos server, based off the data in it's
LDB.
Finally, for a file-server role, we will be able to be in a MIT realm.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050829/307afca1/attachment.bin
More information about the samba-technical
mailing list