[Samba] samba 3.0 kerberos question
Bob Bartels
zibit at andromeda.uc.utoledo.edu
Wed Oct 29 15:08:27 GMT 2003
Axel,
So far this is what I've found out:
Once you modify all the pam.d modules you want to authenticate with by adding
winbind.so (ssh, login, su, xdm etc.) and gotten the logins to work... The
next problem is uid/gid mappings from the AD->unix. Then comes the mounting
of the user's directory from an AD. So far the only solution I've found is to
use
http://uranus.it.swin.edu.au/~jn/linux/smbfs/
This loads a daemon that gets userid and passwd from winbind. It then uses
that info to basically use smbmount with the login credentials to mount the
user's home dir at login time.
I don't know how to parse the AD to get the actual home directory... At this
point our home dirs are all going to be DFS$ mounts on the windows servers. I
need to parse the Active Directory for this and then pipe that info to smbfs.
Then all my AD users should be able to login to our shared unix server and
find themselves in their unified home directory. I'm sure permission issues
will be the next hurdle.
If anyone has a better solution or a howto in the works as to this type of
scenario/solution - Windows AD userbase who need to use a unix server for
research and want a unified homedir/account setup.
Thanks
Bob
> Quoting Andrew Bartlett <abartlet at samba.org>:
> > On Thu, 2003-10-23 at 06:19, Bob Bartels wrote:
> > > I have successfully joined a machine to an active directory and got a
> > > kerberos session ticket.
> > >
> > > Smbclient //server/share$ -k works and allows me access to the dirs on
> > > a server in the domain in which I authenticated and received a krb
> > > ticket from.
> > >
> > > smbmount //server/share$ /localmount -o krb Should work as
> > > well...right??
> >
> > NO!
> >
> > > I get this error when I try it:
> > >
> > > Warning: kerberos support will only work for samba servers
> > > Anonymous login successful
> > > 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
> > > SMB connection failed
> > >
> > >
> > > Why is this happening and is there a way to mount a sharepoint after
> > > getting a kerberos ticket without having to re-authenticate?
> >
> > Not with smbfs. It is hoped that the CIFS VFS will get better in this
> > regard.
>
> So is there any solution to use smb shares (on Samba AND Windows Servers)
> as home directories for linux users with all their consequences? I mean
> automatically mount them at boot time, use pam_mkhomedir with them, single
> signon during the logon process, etc.
>
> That's what I was expecting from the release of Samba 3.0, centralized home
> directories for Windows and Linux users in heterogeneous networks resulting
> in dramatically reduced administration efforts and the end of not
> unnecessary redundant information... Kerberos is the key to that scenario.
>
> Regards,
>
> Axel Suppantschitsch.
>
> Dipl.-Ing. (FH) Axel Suppantschitsch
> ---
> FH JOANNEUM Gesellschaft mbH
> University of Applied Sciences
> Department of Information Management
> Operating System Technologies
> Alte Poststrasse 147, A-8020 Graz
> www.fh-joanneum.at
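
Added example, not part of the posts above: one way to pull a user's home share out of a directory query result and validate it before it reaches a mount helper that runs as root. It assumes the path is stored as a UNC string in the AD homeDirectory attribute and that the query result is available as LDIF; the server, share and user names are constructed sample data.

```python
import base64
import re

# Constructed sample: LDIF such as an LDAP query for two users could return.
SAMPLE_LDIF = "\n".join([
    "dn: CN=Test User,OU=Research,DC=example,DC=edu",
    "sAMAccountName: tuser",
    r"homeDirectory: \\fileserv\dfs$\ho",   # value folded across two lines
    r" me\tuser",
    "",
    "dn: CN=Odd User,OU=Research,DC=example,DC=edu",
    "sAMAccountName: ouser",
    "homeDirectory:: " + base64.b64encode(rb"\\fileserv\dfs$\..\admin").decode(),
])

def parse_ldif(text):
    """Return one {attribute: value} dict per entry (last value wins)."""
    unfolded = re.sub(r"\n ", "", text.strip())   # leading space = continuation
    entries = []
    for block in re.split(r"\n\s*\n", unfolded):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):             # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name] = value.strip()
        entries.append(entry)
    return entries

# Strict allow-list: \\server\share followed by optional \sub\dirs.
UNC = re.compile(r"\\\\([A-Za-z0-9.-]+)\\([A-Za-z0-9_.$-]+)((?:\\[A-Za-z0-9_.$ -]+)*)")

def unc_to_smb(unc):
    """Map a UNC path to ('//server/share', 'sub/dir'); None if not well-formed."""
    m = UNC.fullmatch(unc)
    if not m:
        return None
    server, share, rest = m.groups()
    parts = [p for p in rest.split("\\") if p]
    if any(p in (".", "..") for p in [server, share] + parts):  # no traversal
        return None
    return "//%s/%s" % (server, share), "/".join(parts)

def home_shares(ldif):
    """Map each sAMAccountName to its validated home share, or None."""
    return {e["sAMAccountName"]: unc_to_smb(e.get("homeDirectory", ""))
            for e in parse_ldif(ldif) if "sAMAccountName" in e}
```

A None result means the directory value was rejected and nothing should be mounted for that user.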