[Samba] samba, pam, ldap, and krb5

Lally, Keith R lally at bnl.gov
Mon Feb 25 11:01:13 GMT 2002

Hi all,
  I currently have a Debian linux system authenticating ssh 
logins through pam to our openldap server which then 
authenticates against our kdc.  The openldap userPassword 
attributes are of the form

userPassword: {KERBEROS}userid at MY.REALM

so authentication through openldap gets passed via SASL through
to our kdc.

  What I'm trying to do is get samba to authenticate the same
way.  When a user attempts to access a share the userid and 
pwd entered should authenticate with openldap which then 
authenticates with their kerberos principal in the kdc.  Is this 
possible?  I've been able to get samba to authenticate against ldap 
when the passwords are stored in ldap (lmPassword, ntpassword) but 
I want the authentication to pass through to our kerberos server.  

  Thanks for any advice.

Keith Lally
lally at bnl.gov

More information about the samba mailing list