HOWTO: Kerberos domain Join
Andrew Bartlett
abartlet at samba.org
Thu May 19 10:20:53 GMT 2005
On Thu, 2005-05-19 at 11:52 +1000, Andrew Bartlett wrote:
> This is an attempt to document the process required to perform a domain
> join of WinXP to Samba4, using Kerberos. It assumes you already have
> followed tridge's tute on installing Samba4 as a DC, and have the config
> setup for that much.
In following tridge's tute (which was a reference to an impromptu, in-
person tutorial we did just before the first talks at SambaXP), folks
would have been made aware of the security issues.
As most people on this list were not there, I should reiterate:
Current Samba4 (and I do not in any way refer to our shipping, stable
Samba <= 3.0 versions here) has *no security* over the administrative
interfaces. This means that the anonymous account can *RESET* the admin
password at will. They can also read it, over LDAP, and do other nasty
things.
Keep this on your test networks, boys and girls!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050519/f22a24fb/attachment.bin
More information about the samba-technical
mailing list