[Samba] Samba-3 openldap gssapi auth to kerberos

Gémes Géza geza at kzsdabas.sulinet.hu
Tue Apr 6 17:55:10 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter Nyberg írta:
| Hi!
| How do I configure smb.conf and/or Pam as a single sign on server if I
have a
| LDAP server with a Kerberos as password backend through gssapi?
| I only see either Samba/ldap as PDC or Samba/kerberos with ads on the
Internet.
| Not both at the same time?
| I've already configured samba with LDAP and Kerberos support.
Everything seams
| to works. I also configured Samba with ads and Pam support if needed?
|
Unfortunatelly not yet.
Windows clients need an MSPAC in their Kerberos tickets, and as usual
with M$ "inventions" they keep thats a trade secret, so currently only
AD Kerberos servers can do that.
However you can have a Heimdal Kerberos server (current snapshots) with
LDAP backend authenticate your UNIX users against NT password hashes.
For more info you can search the Heimdal or the Samba-technical mailing
lists.

Cheers

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAcu7+/PxuIn+i1pIRAj/TAJ0eTZD8l5OsCdntJpscY5TyvhxyRwCcDZXf
LC0WRfcDiDObOICIm2p71aM=
=YWGc
-----END PGP SIGNATURE-----



More information about the samba mailing list