[Samba] All-Linux LAN solution with windows compatibility

Simon Brenner simon.brenner at home.se
Sun Oct 19 11:51:52 GMT 2003

This is a school project, but you might find it interresting anyways ;-)

We have one server running Debian and a client also running Debian. On 
top of this we have ~5 mixed clients (windows and linux). This LAN will 
be merged with other LAN's later on (all of them running Windows 2000 
Active Directory)

The original plan was to use kerberos for one-login auth, OpenLDAP as 
directory server, and OpenAFS for file sharing. We have already fixed an 
IMAP mail server, that authenticates to our MIT KerberosV KDC.

All went fine up until the OpenAFS installation (kerberos was 
surprisingly easy to pull off, heard it was a PITA), and it seems 
impossible to install the Debian packages or to make from source, so 
we're looking towards Samba (this will probably simplify our merger with 
the windows groups later on, which is an additional plus).

Now to the question(s):

How do we make samba authenticate to our (custom) kerberos server? (My 
thought was that the kerberos and LDAP could emulate an AD domain, but 
perhaps that is impossible?)
Should we run samba as a PDC instead? ( :-( and we spent so much time 
installing kerberos)

If we need to run Samba as a PDC (Samba3 can be an AD PDC, can't it?), 
what will happen to our IMAP server that authenticates to the currently 
running kerberos KDC? What would we need to change to make it 
authenticate against Samba's AD kerberos?

- We want to enforce kerberos authentication for all clients.
- Windows compatability is very nice, since this LAN will be merged with 
a windows LAN later on
- IMAP authentication through kerberos

I (and we) would be very grateful for any help with this
We thank you, Revered Gurus of Samba ;-)
// Simon Brenner

More information about the samba mailing list