[Samba] Samba 3 and non-AD KDC
nuno at emd.be
Wed Mar 5 10:53:02 GMT 2003
We've been testing Samba 3 for some time now, and we had absolutely no
problems connecting it to Windows 2000 KDC, etc...
Now, we're trying to push it further and have it authenticate against a
non-windows KDC, and I have to admit that I am nowhere near to it. I've
seen a few discussions in this list regarding exactly this issue, but I
still don't get it ;-))
I have my KDC set up and it is working (I can authenticate linux users
with it). I compiled Samba 3 using --with-pam_krb5 and --with-krb5
It compiles and installs correctly, no problem.
My problem now is: what options can I use in smb.conf to enable this? I've
used realm = MYREALM.COM, password server = mykdc.myrealm.com, I even
played around with the security = ADS, which of course is not of much use
if you don't have AD.
And nothing I do seems to kick off "kerberization" of samba, it will never
try to get a ticket for any user. I've tested with both XP and 2K clients.
Any clues, pointers, tips are very very welcome.
Thanks in advance,
PS - Thanks for the great job you've been doing so far with Samba
PPS - Googling for my answers is no help - whenever you search for "samba
kerberos" or "samba KDC" you will always get links to the Active-Directory
integration. What we want is to eliminate AD completely and have our
windows boxes using our own KDC and LDAP directory.
More information about the samba