[Samba] ADS with Kerberos trust

[Fernando Fonseca]

Fergus,

What version of Samba are you using?

With the version 3.0 if you set ¨encrypt password = yes¨ in smb.conf you will 
tell it to use Kerberos, but I think that you already do it.

Other parameter is the ¨security = ADS¨ that enable the search in ADS.








On Friday 14 November 2003 04:18, Fergus McKenzie-Kay wrote:
> Hi,
> We have an environment where we use LDAP and Kerberos and we are having
> trouble setting up Samba with both of these.
> We also have a win2k Active Directory server that has all the users
> mapped to our kerberos realm.  Unfortunately when we try and configure
> to use the Active Directory server for authentication it tries to use
> the native win2k password and not the kerberos realm mapping.
> I have tried to set the smb.conf to the kerberos realm and the password
> server to the KDC but I get:
> "session setup failed: NT_STATUS_NO_LOGON_SERVERS"
>
> Does anyone have any ideas how to make samba either use active directory
> with the username mappings to kerberos?  Or simply use kerberos
> authentication while and LDAP authorisation?
> I believe the first solution would be easier as then AD would look after
> all the details.. whereas when we tried to setup samba talking to
> kerberos and ldap, the ldap config needed changing and samba had to know
> how to create users in kerberos and ldap.
>
> Any ideas would be appreciated.
>
> --
> Fergus McKenzie-Kay <Linux at NerdIT.com>

-- 
Fernando Fonseca
Network Administrator
Tel: +55(11)4039-9260
Triaton do Brasil