2.2 support pass through authentication to Win2K AD?

Gerald Carter gcarter at valinux.com
Thu Jan 11 04:30:35 GMT 2001


david.touster at acecomm.com wrote:
> 
> 3rd posting, PLEASE HELP
> 
> My assumption: I require Samba to pass through 
> authentication to Windows 2000 Active Directory using 
> LDAP and Kerberos.  (Samba will not be asked to
> store or update user passwords, etc. and Samba will 
> NOT replace or try to be the Active Directory 
> Domain Controller server)
> 
> Will the current samba-2.2.0-alpha1 support the 
> following environment: (If not which version 
> will?    Approximately, when will it be available?)
> 
> Environment:
> 1.  Windows 2000 Active Directory (AD) in "Native 
> Mode" will be the authoritative source for 
> all user authentications (UNIX and Windows), permissions, etc.

Down the road.  Native mode client support will definitely 
not be in 2.2.

> 2.  UNIX:  Solaris 8 with its built-in LDAP and 
> Kerberos support configured to talk to AD  (I'm still 
> working on this) 

I'm not sure I can comment on this.  I know what you 
are thinking, but I don't quite think it will do what 
you expect.

> 3.  Need to just share a few directories that reside 
> on the UNIX server to the Windows 2000 workstations and 
> would like to be able to print from UNIX to a 
> Windows 2000 system running as a print server (print 
> server could be a Win2K server and/or workstation)

Your options would seem to be a standalone Samba server
allowing some guest printing access.  I'll let you work out the
file access.

Or a Win2k mixed mode domain controller and Samba as 
a domain member.

> Follow-up questions:
> A.  Does the Samba's PAM support for Kerberos work?   
> In 2.0.7 as well?

PAM support for Kerberos?  Samba has some Kerberos support
although I'm now sure how well it works.  As well as 
support for PAM authentication (requires plain text logons
from clients).

If you want to use a Kerberos PAM module, that should 
work fine, but is external to Samba.

> B.  In case accessing directly to the Windows 2000 AD 
> running in "Native Mode" based on the environment 
> above is currently not a possibility, can PAM support be 
> used for going through the local UNIX server that Samba
> (local LDAP and/or Kerberos) is running on?

See above comments about PAM.

> C.  Can I turn off LAN Manager authentication/Protocol 
> in Windows 2000 and go through (if I can) the local Solaris 8 
> LDAP & Kerberos for authentication as well as servicing the 
> file and print requests?  (All windows systems will
> be Windows 2000 - no 9x, ME, or NT will be used)

NT/2000 clients will use ntlmv1 to talk to Samba.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )





