Use of kerberos in python samdb script
Alexander Bokovoy
ab at samba.org
Sat May 11 23:57:12 MDT 2013
Hi,
On Sun, May 12, 2013 at 3:13 AM, William Brown <
william.e.brown at adelaide.edu.au> wrote:
> Hi,
>
> I am attempting to write a python script using the samba.samdb SamDB
> module. I
> am attempting to authenticate via kerberos with this.
>
> My script is:
>
> #WARNING - This requires you to erase samba-python and samba-dc on
> fedora!!!!
> import sys
> sys.path.append('/opt/samba4/lib64/python2.7/site-packages')
>
> from samba.samdb import SamDB
> from samba import ldb
> from samba.param import LoadParm
> from samba.auth import system_session
> from samba.credentials import Credentials, AUTO_USE_KERBEROS,
> MUST_USE_KERBEROS
>
> import getpass
>
> lp = LoadParm()
> creds = Credentials()
> creds.guess(lp)
> creds.set_username('william')
> creds.set_kerberos_state(AUTO_USE_KERBEROS)
> #creds.set_password(getpass.getpass('Samba password #'))
>
Credentials object makes its decision based on LoadParm content. Some of
functions LoadParm uses internally make Credentials to believe smb.conf
values were overridden from command line and always resort to use password.
This is, in particular related to workgroup and realm values. Easiest way
is to have empty smb.conf as LoadParm. Here is what I use in FreeIPA's code:
....
self._parm = param.LoadParm()
self._parm.load(os.path.join(ipautil.SHARE_DIR,"smb.conf.empty"))
self._parm.set('netbios name', self.flatname)
self._creds = credentials.Credentials()
self._creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
self._creds.guess(self._parm)
self._creds.set_workstation(self.flatname)
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list