[Samba] Re: Samba3 ADS without Microsoft?

Andrew Bartlett abartlet at samba.org
Fri Oct 10 01:12:49 GMT 2003

On Thu, 2003-10-09 at 22:55, paul k wrote:
> John H Terpstra wrote:
> > On Wed, 8 Oct 2003, Mike wrote:
> > 
> > 
> >>I've setup samba to use ldap.
> >>I've propogated the directory.
> >>I've setup the kerberos realm.
> >>
> --snipp----
> > However, I'd appreciate a crystal clear understanding of precisely what
> > you are trying to implement and how you want it to work.
> > 
> > - John T.
> Just guessing,
> -Setting up samba as PDC
> -Setting up (MIT) kerberos
> -Setting up LDAP
> -Storing account Information in LDAP
> -Creating a service ticket in kerberos like smbd/host.foo
> -Exporting to a keytab and telling samba where to look for
> -ksetup W2k SP3+ to use MIT REALM and map the principal to the 
> sambaaccount in LDAP
> -authenticate to samba PDC with kerberos credentials obtained from the KDC

I think the last part will be the problem - really, you need to do the
full AD stuff for this.    While it's a long way from production, there
is some work being done in this area.

Really, you should just use the NT domain stuff, and keep the passwords
in sync for now.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031010/0948efdc/attachment.bin

More information about the samba mailing list