Samba + Kerberos backend - AD backend

kronda kronda at
Tue Dec 16 15:55:31 GMT 2008

Thanks for the answer.

paul kölle wrote:
>> This is the main task. No Single Sign On, no
>> Kerberos tickets being passed between Samba client and Samba server, no
>> client membership in any domain. If possible I would prefer to not send
>> plain text passwords over net
> Probably not possible. You don't have (cleartext) passwords in LDAP so
> none of the challenge-response SASL mechanisms will work.

But this means that setting up Samba with Kerberos backend is impossible to
do without special configuration on each modern Windows machine accessing
the server (because the default is encrypted password on Windows 2000, XP),
right? I did not want to hear that :( And I still do not see why Samba can
pass (encrypted password) authentication to AD (which is basically
LDAP+Kerberos) and not to LDAP+Kerberos. Or am I wrong in this?

paul kölle wrote:
> BTW: this is quite off topic for samba.internals

I'm sorry, I did not realize what samba-technical means.

Sent from the Samba - samba-technical mailing list archive at
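
The point quoted above, that challenge-response mechanisms cannot work when LDAP holds no cleartext passwords, shown as an added example that is not part of the original thread. It assumes CRAM-MD5 (RFC 2195) as a representative SASL challenge-response mechanism and an `{SSHA}` userPassword value; the password, salt and challenge are constructed.

```python
import base64, hashlib, hmac, os

# Constructed sample password; illustrative only.
PASSWORD = b"correct horse"

def ssha(password, salt):
    """LDAP {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_check(stored, candidate):
    """What a simple bind does: the server receives the password itself."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(candidate + salt).digest())

def cram_md5_response(secret, challenge):
    """Client side of CRAM-MD5: HMAC-MD5 keyed with the password."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def cram_md5_verify(server_secret, challenge, response):
    """Server side: must recompute the same HMAC, so it needs the same key."""
    expected = cram_md5_response(server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    stored = ssha(PASSWORD, os.urandom(8))
    challenge = b"<1896.697170952@server.example>"  # constructed nonce
    response = cram_md5_response(PASSWORD, challenge)
    return {
        # Password sent to the server: the salted hash is enough to verify it.
        "simple_bind_ok": ssha_check(stored, PASSWORD),
        # Server holding the cleartext can recompute the client's response.
        "cram_with_cleartext": cram_md5_verify(PASSWORD, challenge, response),
        # Server holding only the {SSHA} string has no usable HMAC key.
        "cram_with_ssha_only": cram_md5_verify(stored.encode(), challenge, response),
    }

if __name__ == "__main__":
    print(demo())
```
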
