[Samba] Samba 3, Win2K, and MIT KDC -- possible?

darkness darkness at invado.com
Fri Jan 24 09:59:00 GMT 2003

	After setting up Samba 3 I noticed the Windows 2000 box was
requesting a ticket from the KDC for HOST/<NETBIOS NAME>@MYREALM.COM
when it tried to connect to the Samba server.  I presume that W2K is
sending the ticket it is granted along to the Samba server.  If that
presumption is correct, is it possible to make Samba authenticate the
user with the Kerberos ticket they present?  If so, how do I need to
configure Samba and supporting software?

	I've got an MIT KDC set up in Linux along with OpenLDAP.
Linux (Red Hat 8.0) is quite happily doing Kerberos authentication and
using nss_ldap.  I've got a Windows 2000 workstation that is in a
workgroup -- not in a domain of any sorts.  It is authenticating
against the same MIT KDC on Linux (set up with KSETUP.EXE).  There is
no Active Directory server on my network.  I don't really want any of
the typical "domain" functionality; I don't mind having to create
local user accounts for each user on the Windows machines, etc.

	I can supply log output, install strange software, CVS, more
information on my environment, etc.  I've seen mentions in CVS of
Andrew Tridgell connecting to smbd with smbclient and an MIT KDC in
the middle, but no mention of whether this is possible with W2K in
place of smbclient.  Any help greatly appreciated.

Thanks in advance,

More information about the samba mailing list