[Samba] Re: Samba3 ADS without Microsoft?
Mike
mike at hogrider.org
Fri Oct 10 19:55:26 GMT 2003
What I'm trying to accomplish is:
1. kinit user at realm for krbtgt
2. smbclient -k -L someserver
Server accepts tgt, extrapolates user info., and accepts authen.
This is an attempt at Microsoft server-free directory/kerberos implementation. These steps work if using M$ server/ADS, so the smbclient understands it.
Server accepts kerb. ticket, extrapolates principal, performs ldap query on principal name for additional data, and accepts kerb. as valid authen.
Suggestions?
On Thu, 9 Oct 2003 01:49:38 +0000 (GMT)
John H Terpstra <jht at samba.org> wrote:
> On Wed, 8 Oct 2003, Mike wrote:
>
> > I've setup samba to use ldap.
> > I've propogated the directory.
> > I've setup the kerberos realm.
> >
> > I can authen to samba & browse shares via uid/passw held in ldap.
> >
> > I cannot seem to get samba to accept kerb authen instead of
> > uid/passw.
> >
> > Help......
>
>
> Mike,
>
> Please be a bit more precise in your description of what you are
> trying to achieve.
>
> Have you read the Samba-HOWTO-Collection.pdf? The chapters that deal
> with the controls your configuration will require are:
>
> Chapter 5, in particular section 5.4
> Chapter 7, in particular section 7.4
> Chapter 11
>
> However, I'd appreciate a crystal clear understanding of precisely
> what you are trying to implement and how you want it to work.
>
> - John T.
> --
> John H Terpstra
> Email: jht at samba.org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list