[Samba] Samba 3 in MIT Kerberos Realm
abartlet at samba.org
Wed Oct 22 13:25:56 GMT 2003
On Wed, 2003-10-22 at 10:07, Aaron Rosenblum wrote:
> I have been reading through the docs for Samba 3, and there is a lot
> of talk about how samba 3 can function in an AD domain as a member
> server and accept kerberos service tickets issued by an MS KDC. (net
> ads join, etc...)
> I have a slightly different twist on a similar situation. I have an
> MIT kerberos realm set up and my Windows2000 PCs get tickets from this
> realm on login just fine. I would like to set up a samba server as
> purely a fileserver, and I want my PC clients to be able to mount samba
> shares using Kerberos service tickets issued by my MIT KDC. I know
> many more people are probably using AD as their KDC, but we want to
> decrease our reliance on AD. (That is the idea, isn't it? :-) ) It
> seems like this should work. Is this possible? If so, how do I
> configure the samba server? What do I tell my Kerberos admin to put in
> the keytab for samba? ie smbserver/my.host.com at my.realm.com ???
This needs work - Jeremy was looking into the matter, but I'm not sure
what state it got to. That said, if you have the windows side taking
the kerberos tickets, the rest only a matter of unwinding samba's 'not
using the keytab' work.
> As an addition, I am fine with managing my users locally on this samba
> server (as opposed to binding to an LDAP server). Our KDC has a large
> number of users in it, and I only want to give access to a very small
> subset of these users. I just want these users to be able to present a
> service ticket from our MIT realm as authentication instead of being
> prompted for a password.
Only users in /etc/passwd will be authenticated.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031022/4ffa90c3/attachment.bin
More information about the samba