[Samba] Re: Samba3 ADS without Microsoft?
John H Terpstra
jht at samba.org
Sun Oct 12 04:20:25 GMT 2003

On Sat, 11 Oct 2003, Mike wrote:
> Does this mean it would work if I 'domain join'ed an existing M$ ADS?
> another Samba ADS? My own Samba ADS? Perhaps if it were a Win2K
> client?

Samba cannot be an ADS server - FYI.

- John T.

>
> Thanks in advance. This should go a long way towards
> eliminating/replacing M$ in the workplace.
>
> On 11 Oct 2003 11:28:58 +1000
> Andrew Bartlett <abartlet at samba.org> wrote:
>
> > On Sat, 2003-10-11 at 05:55, Mike wrote:
> > > What I'm trying to accomplish is:
> > >
> > > 1. kinit user at realm for krbtgt
> > > 2. smbclient -k -L someserver
> > >
> > > Server accepts tgt, extrapolates user info., and accepts authen.
> > >
> > >
> > > This is an attempt at Microsoft server-free directory/kerberos
> > > implementation. These steps work if using M$ server/ADS, so the
> > > smbclient understands it.
> > >
> > > Server accepts kerb. ticket, extrapolates principal, performs ldap
> > > query on principal name for additional data, and accepts kerb. as
> > > valid authen.
> > >
> > > Suggestions?
> >
> > When Jeremy completes his work to allow us to use the existing host
> > keytab, this should 'just work'. But for now, it doesn't, as we need
> > to domain join password in secrets.tdb, which we add by joining the
> > ADS realm.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett abartlet at pcug.org.au
> > Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> > Student Network Administrator, Hawker College abartlet at hawkerc.net
> > http://samba.org http://build.samba.org http://hawkerc.net
> >
>
>
>
>
--
John H Terpstra
Email: jht at samba.org