[Samba] ADS with Kerberos trust

Fergus Linux at NerdIT.com
Sat Nov 15 03:42:00 GMT 2003


Hi Fernando,
We are using Samba 3 and I got it to authenticate to ADS.. But the key
is to try and get it to authenticate to ADS using the alternative
kerberos mapping.  When you do this mapping in AD you can login using
kerberos credentials.  I'm just not sure how to tell Samba to do this.

Fergus

-----Original Message-----
From: Fernando Fonseca [mailto:fernando.fonseca at triaton.com.br] 
Sent: Friday, 14 November 2003 9:31 PM
To: Fergus McKenzie-Kay; samba at lists.samba.org
Subject: Re: [Samba] ADS with Kerberos trust


Fergus,

What version of Samba are you using?

With the version 3.0 if you set "encrypt password = yes" in smb.conf you
will tell it to use Kerberos, but I think that you already do it.

The other parameter is "security = ADS", which enables the search in ADS.

On Friday 14 November 2003 04:18, Fergus McKenzie-Kay wrote:
> Hi,
> We have an environment where we use LDAP and Kerberos and we are 
> having trouble setting up Samba with both of these. We also have a 
> win2k Active Directory server that has all the users mapped to our 
> kerberos realm.  Unfortunately when we try and configure to use the 
> Active Directory server for authentication it tries to use the native 
> win2k password and not the kerberos realm mapping. I have tried to set
> the smb.conf to the kerberos realm and the password server to the KDC 
> but I get: "session setup failed: NT_STATUS_NO_LOGON_SERVERS"
>
> Does anyone have any ideas how to make samba either use active 
> directory with the username mappings to kerberos?  Or simply use 
> kerberos authentication while and LDAP authorisation? I believe the 
> first solution would be easier as then AD would look after all the 
> details.. whereas when we tried to setup samba talking to kerberos and
> ldap, the ldap config needed changing and samba had to know how to 
> create users in kerberos and ldap.
>
> Any ideas would be appreciated.
>
> --
> Fergus McKenzie-Kay <Linux at NerdIT.com>

-- 
Fernando Fonseca
Network Administrator
Tel: +55(11)4039-9260
Triaton do Brasil