Samba + Kerberos backend - AD backend
paul at subsignal.org
Tue Dec 16 22:45:03 GMT 2008
> Thanks for the answer.
> paul kölle wrote:
>> This is the main task. No Single Sign On, no
>>> Kerberos tickets being passed between Samba client and Samba server, no
>>> client membership in any domain. If possible I would prefere to not send
>>> plain text passwords over net
>> Probably not possible. You don't have (cleartext) passwords in LDAP so
>> none of the challenge-response SASL mechanisms will work.
To clarify: This was only referring to "not send plaintext passwords
over the net".
> But this means that setting up Samba with Kerberos backend is impossible to
> do without special configuration on each modern windows machine accessing
> the server (because the default is encrypted password on Windows 2000,XP),
> right? I did not want to hear that:( And I still do not see why samba can
> pass (encrypted password) authentication to AD (which is basically
I often hear this from the linux freetard crowd. They use the word
"basically" to gloss over things they don't want to realize.
More information about the samba-technical