[Samba] Re: Samba3 ADS without Microsoft?

John H Terpstra jht at samba.org
Sun Oct 12 04:20:25 GMT 2003


On Sat, 11 Oct 2003, Mike wrote:

> Does this mean it would work if I 'domain join'ed an existing M$ ADS?
> another Samba ADS?  My own Samba ADS?  Perhaps if it were a Win2K
> client?

Samba cannot be an ADS server - FYI.

- John T.

>
> Thanks in advance.  This should go a long way towards
> eliminating/replacing M$ in the workplace.
>
> On 11 Oct 2003 11:28:58 +1000
> Andrew Bartlett <abartlet at samba.org> wrote:
>
> > On Sat, 2003-10-11 at 05:55, Mike wrote:
> > > What I'm trying to accomplish is:
> > >
> > > 1. kinit user@realm for krbtgt
> > > 2. smbclient -k -L someserver
> > >
> > > Server accepts tgt, extrapolates user info., and accepts authen.
> > >
> > >
> > > This is an attempt at Microsoft server-free directory/kerberos
> > > implementation.  These steps work if using M$ server/ADS, so the
> > > smbclient understands it.
> > >
> > > Server accepts kerb. ticket, extrapolates principal, performs ldap
> > > query on principal name for additional data, and accepts kerb. as
> > > valid authen.
> > >
> > > Suggestions?
> >
> > When Jeremy completes his work to allow us to use the existing host
> > keytab, this should 'just work'.   But for now, it doesn't, as we need
> > > the domain join password in secrets.tdb, which we add by joining the
> > ADS realm.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett                                 abartlet at pcug.org.au
> > Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> > Student Network Administrator, Hawker College   abartlet at hawkerc.net
> > http://samba.org     http://build.samba.org     http://hawkerc.net
> >
>
>
>
>

-- 
John H Terpstra
Email: jht at samba.org


