Samba + Kerberos backend - AD backend

paul paul at
Tue Dec 16 22:45:03 GMT 2008

kronda schrieb:
> Thanks for the answer.
> paul kölle wrote:
>> This is the main task. No Single Sign On, no
>>> Kerberos tickets being passed between Samba client and Samba server, no
>>> client membership in any domain. If possible I would prefere to not send
>>> plain text passwords over net
>> Probably not possible. You don't have (cleartext) passwords in LDAP so 
>> none of the  challenge-response SASL mechanisms will work.
To clarify: This was only referring to "not send plaintext passwords 
over the net".

> But this means that setting up Samba with Kerberos backend is impossible to
> do without special configuration on each modern windows machine accessing
> the server (because the default is encrypted password on Windows 2000,XP),
> right? I did not want to hear that:( And I still do not see why samba can
> pass (encrypted password) authentication to AD (which is basically
> LDAP+Kerberos)
I often hear this from the linux freetard crowd. They use the word 
"basically" to gloss over things they don't want to realize.


More information about the samba-technical mailing list