[Samba] Samba+Kerberos

Helge Bahmann bahmann at math.tu-freiberg.de
Fri Sep 6 13:57:45 GMT 2002


> Since Kerberos is a password storage only, and you are going to need
> other things, such as user uid/rid, homedir, etc., I recommend going for
> Samba+LDAP (look for Samba PDC HOWTO on Google).

Yes, sure; what I currently have:
- Kerberos as authentication service for Unix clients; Win2k clients "sort
of" working as well
- LDAP as directory service, basically just as a NIS replacement; of
course I can add required fields to the user objects for Samba
- NFS to serve files for Unix clients

What I would like to have is to use Samba to serve files to the Windows
client, but have the Windows clients use Kerberos to authenticate against
the Samba server using the Kerberos tickets obtained during login (instead
of something smbpasswd-like, be it stored as a flat file or kept in LDAP).

> Then you can set up
> OpenLDAP to utilize Kerberos as a password backend. See
> http://www.bayour.com/LDAPv3-HOWTO.html for details.

Sure, but as far as I understand this only covers Kerberos-authenticated
access to the LDAP server (which I am interested in as well, but not at
the moment); it does not explain what I need to do to make Samba accept
the Win2k Kerberos tickets.

Please correct me if I am wrong or unclear, I am not sure there may be
something fundamentally wrong in my understanding of the interaction of
the pieces.

Regards
-- 
Helge Bahmann <bahmann at math.tu-freiberg.de>             /| \__
The past: Smart users in front of dumb terminals       /_|____\
                                                     _/\ |   __)
$ ./configure                                        \\ \|__/__|
checking whether build environment is sane... yes     \\/___/ |
checking for AIX... no (we already did this)            |
