HOWTO: Kerberos domain Join

Andrew Bartlett abartlet at
Thu May 19 10:20:53 GMT 2005

On Thu, 2005-05-19 at 11:52 +1000, Andrew Bartlett wrote:
> This is an attempt to document the process required to perform a domain
> join of WinXP to Samba4, using Kerberos.  It assumes you already have
> followed tridge's tute on installing Samba4 as a DC, and have the config
> setup for that much.

In following tridge's tute (which was a reference to an impromptu, in-
person tutorial we did just before the first talks at SambaXP), folks
would have been made aware of the security issues.

As most people on this list were not there, I should reiterate:

Current Samba4 (and I do not in any way refer to our shipping, stable
Samba <= 3.0 versions here) has *no security* over the administrative
interfaces.  This means that the anonymous account can *RESET* the admin
password at will.  They can also read it, over LDAP, and do other nasty

Keep this on your test networks, boys and girls!

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list