HOWTO: Kerberos domain Join

Andrew Bartlett abartlet at samba.org
Thu May 19 10:20:53 GMT 2005


On Thu, 2005-05-19 at 11:52 +1000, Andrew Bartlett wrote:
> This is an attempt to document the process required to perform a domain
> join of WinXP to Samba4, using Kerberos.  It assumes you already have
> followed tridge's tute on installing Samba4 as a DC, and have the config
> setup for that much.

In following tridge's tute (which was a reference to an impromptu, in-
person tutorial we did just before the first talks at SambaXP), folks
would have been made aware of the security issues.

As most people on this list were not there, I should reiterate:

Current Samba4 (and I do not in any way refer to our shipping, stable
Samba <= 3.0 versions here) has *no security* over the administrative
interfaces.  This means that the anonymous account can *RESET* the admin
password at will.  They can also read it, over LDAP, and do other nasty
things.

Keep this on your test networks, boys and girls!

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050519/f22a24fb/attachment.bin


More information about the samba-technical mailing list