[Samba] Re: Samba3 ADS without Microsoft?
Andrew Bartlett
abartlet at samba.org
Fri Oct 10 01:12:49 GMT 2003
On Thu, 2003-10-09 at 22:55, paul k wrote:
> John H Terpstra wrote:
>
> > On Wed, 8 Oct 2003, Mike wrote:
> >
> >
> >>I've setup samba to use ldap.
> >>I've propogated the directory.
> >>I've setup the kerberos realm.
> >>
> --snipp----
>
> > However, I'd appreciate a crystal clear understanding of precisely what
> > you are trying to implement and how you want it to work.
> >
> > - John T.
>
> Just guessing,
>
> -Setting up samba as PDC
> -Setting up (MIT) kerberos
> -Setting up LDAP
>
> -Storing account Information in LDAP
> -Creating a service ticket in kerberos like smbd/host.foo
> -Exporting to a keytab and telling samba where to look for
> -ksetup W2k SP3+ to use MIT REALM and map the principal to the
> sambaaccount in LDAP
> -authenticate to samba PDC with kerberos credentials obtained from the KDC
I think the last part will be the problem - really, you need to do the
full AD stuff for this. While it's a long way from production, there
is some work being done in this area.
Really, you should just use the NT domain stuff, and keep the passwords
in sync for now.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031010/0948efdc/attachment.bin
More information about the samba
mailing list