[Samba] Samba-3 openldap gssapi auth to kerberos

Peter Nyberg Peter.Nyberg at dbb.su.se
Wed Apr 7 08:21:01 GMT 2004


Quoting Gémes Géza <geza at kzsdabas.sulinet.hu>:

> Peter Nyberg wrote:
> | Hi!
> | How do I configure smb.conf and/or PAM as a single sign-on server if I have an
> | LDAP server with Kerberos as password backend through gssapi?
> | I only see either Samba/ldap as PDC or Samba/kerberos with ads on the Internet.
> | Not both at the same time?
> | I've already configured samba with LDAP and Kerberos support. Everything seems
> | to work. I also configured Samba with ads and PAM support if needed?
> |
> Unfortunately not yet.
> Windows clients need an MSPAC in their Kerberos tickets, and as usual
> with M$ "inventions" they keep that a trade secret, so currently only
> AD Kerberos servers can do that.
> However you can have a Heimdal Kerberos server (current snapshots) with
> LDAP backend authenticate your UNIX users against NT password hashes.
> For more info you can search the Heimdal or the Samba-technical mailing
> lists.
> 
> Cheers
> 
> Geza

In that case one misses the whole point of Kerberos, except for UNIX and Mac OS X.
Today I have 60 different UNIX, 45 Macintosh classic, 15 Macintosh OS X and 150
Windows 98/ME/NT/2000/XP. Maybe it's better to use ldap only until they have a
fully Kerberized solution, or what's your opinion?


Peter Nyberg
Institutionen för Biokemi och Biofysik
Arrheniusvägen 12
Tel: 08-16 24 69
Mobile: 070 339 24 69
Fax 153679
