[Samba] Samba 3 in MIT Kerberos Realm

Aaron Rosenblum arosenbl at mac.com
Wed Oct 22 05:54:24 GMT 2003


I would be willing to write up docs on this and send them to the 
community, should I get it working (with your help)...

aaron

On Oct 21, 2003, at 8:07 PM, Aaron Rosenblum wrote:

> Hi,
>
> 	I have been reading through the docs for Samba 3, and there is a lot 
> of talk about how Samba 3 can function in an AD domain as a member 
> server and accept Kerberos service tickets issued by an MS KDC.  (net 
> ads join, etc...)
> 	I have a slightly different twist on a similar situation.  I have an 
> MIT Kerberos realm set up and my Windows 2000 PCs get tickets from this 
> realm on login just fine.  I would like to set up a Samba server as 
> purely a fileserver, and I want my PC clients to be able to mount 
> Samba shares using Kerberos service tickets issued by my MIT KDC.  I 
> know many more people are probably using AD as their KDC, but we want 
> to decrease our reliance on AD.  (That is the idea, isn't it? :-) )  
> It seems like this should work. Is this possible?  If so, how do I 
> configure the Samba server?  What do I tell my Kerberos admin to put 
> in the keytab for Samba?  i.e. smbserver/my.host.com at my.realm.com ???
>
> As an addition, I am fine with managing my users locally on this Samba 
> server (as opposed to binding to an LDAP server). Our KDC has a large 
> number of users in it, and I only want to give access to a very small 
> subset of these users.  I just want these users to be able to present 
> a service ticket from our MIT realm as authentication instead of being 
> prompted for a password.
>
> Any input would be greatly appreciated.
>
> thanks
>
> Aaron