2.2 support pass though authencation to Win2K AD?
david.touster at acecomm.com
david.touster at acecomm.com
Thu Jan 11 14:27:05 GMT 2001
Jerry, Thanks for your response,
For clarity, I should have stated that the Samba server will be a member of
the Windows 2000 AD domain.
Based on this, please clarify your comment: "Down the road. Native mode
client support will definitely
not be in 2.2."
Does anyone have experience using Samba with the Kerberos PAM? How about
it with Solaris 8's LDAP?
Thanks,
David
Gerald Carter
<gcarter at vali To: david.touster at acecomm.com
nux.com> cc: samba at us5.samba.org
Sent by: Subject: Re: 2.2 support pass though authencation to Win2K AD?
gcarter at aceco
mm.com
01/10/2001
11:30 PM
david.touster at acecomm.com wrote:
>
> 3rd posting, PLEASE HELP
>
> My assumption: I require Samba to pass though
> authencation to Windows 2000 Activer Directory using
> LDAP and Kerberos. (Samba will not be asked to
> store or update user passwords, etc. and Samba will
> NOT replace or try to be the Active Directory
> Domain Controller server)
>
> Will the current samba-2.2.0-alpha1 support the
> following environment: (If not which version
> will? Approximately, when will it be available?)
>
> Environment:
> 1. Windows 2000 Active Directory (AD) in "Native
> Mode" will be the authoritative source for
> all user authentications (UNIX and Windows), permissions, etc.
Down the road. Native mode client support will definitely
not be in 2.2.
> 2. UNIX: Solaris 8 with it's built in LDAP and
> Kerberos support configured to talk to AD (I'm still
> working on this)
I'm not sure I can comment on this. I know what you
are thinking, but I don't quite think it will do what
you expect.
> 3. Need to just share a few directories that reside
> on the UNIX server to the Windows 2000 workstations and
> would like to be able to print from UNIX to a
> Windows 2000 system running as a print server (print
> server could be a Win2K server and/or workstation)
You options would seem to be a standalone Samba server
allow some guest printing access. I'll let you work out the
file access.
Or a Win2k mixed mode domain controller and Samba as
a domain member.
> Follow-up questions:
> A. Does the Samba's PAM support for Kerberos work?
> In 2.0.7 as well?
PAM support for Kerberos? Samba has some Kerberos support
although I'm now sure how well it works. As well as
support for PAM authentication (requires plain text logons
from clients).
If you want to use a kerberos PAM module, that should
work fine, but is external to Samba.
> B. In case accessing directly to the Windows 2000 AD
> running in "Native Mode" based on the environment
> above is currently not a possibility, can PAM support be
> used for going through the local UNIX server that Samba
> (local LDAP and/or Kerberos) is running on?
See above comments about PAM.
> C. Can I turn off LAN Manager authencation/Protocol
> in Windows 2000 and go through (if I can) the local Solaris 8
> LDAP & Kerberos for authentication as well servicing the
> file and print requests? (All windows systems will
> be Windows 2000 - no 9x, ME, or NT will be used)
NT/2000 clients will use ntlmv1 to talk to Samba.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba
mailing list