[Samba] Re: Samba3 ADS without Microsoft?
mike at hogrider.org
Sun Oct 12 01:34:17 GMT 2003
Does this mean it would work if I 'domain join'ed an existing M$ ADS? another Samba ADS? My own Samba ADS? Perhaps if it were a Win2K client?
Thanks in advance. This should go a long way towards eliminating/replacing M$ in the workplace.
On 11 Oct 2003 11:28:58 +1000
Andrew Bartlett <abartlet at samba.org> wrote:
> On Sat, 2003-10-11 at 05:55, Mike wrote:
> > What I'm trying to accomplish is:
> > 1. kinit user at realm for krbtgt
> > 2. smbclient -k -L someserver
> > Server accepts tgt, extrapolates user info., and accepts authen.
> > This is an attempt at Microsoft server-free directory/kerberos
> > implementation. These steps work if using M$ server/ADS, so the
> > smbclient understands it.
> > Server accepts kerb. ticket, extrapolates principal, performs ldap
> > query on principal name for additional data, and accepts kerb. as
> > valid authen.
> > Suggestions?
> When Jeremy completes his work to allow us to use the existing host
> keytab, this should 'just work'. But for now, it doesn't, as we need
> to domain join password in secrets.tdb, which we add by joining the
> ADS realm.
> Andrew Bartlett
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba