[Samba] Samba-3 openldap gssapi auth to kerberos

Gémes Géza geza at kzsdabas.sulinet.hu
Wed Apr 7 16:00:55 GMT 2004


Peter Nyberg wrote:
| Quoting Gémes Géza <geza at kzsdabas.sulinet.hu>:
|
|
|>Peter Nyberg wrote:
|>| Hi!
|>| How do I configure smb.conf and/or Pam as a single sign on server if I have a
|>| LDAP server with a Kerberos as password backend through gssapi?
|>| I only see either Samba/ldap as PDC or Samba/kerberos with ads on the Internet.
|>| Not both at the same time?
|>| I've already configured samba with LDAP and Kerberos support. Everything seems
|>| to work. I also configured Samba with ads and Pam support if needed?
|>|
|>Unfortunately not yet.
|>Windows clients need an MSPAC in their Kerberos tickets, and as usual
|>with M$ "inventions" they keep that a trade secret, so currently only
|>AD Kerberos servers can do that.
|>However you can have a Heimdal Kerberos server (current snapshots) with
|>LDAP backend authenticate your UNIX users against NT password hashes.
|>For more info you can search the Heimdal or the Samba-technical mailing
|>lists.
|>
|>Cheers
|>
|>Geza
|
|
| In that case one misses the whole point with Kerberos except for UNIX and Mac OS X.
| Today I have 60 different UNIX, 45 Macintosh classic, 15 Macintosh OS X and 150
| Windows 98/ME/NT/2000/XP. Maybe it's better to use ldap only until they have a
| fully Kerberized solution, or what's your opinion?
|
|
Currently you can see the benefits from Kerberos only at UNIX (MacOsX is
also *NIX) hosts :-( .
It is up to you to use that advantage, or stick with an LDAP only (still
very good) solution.

Cheers


Geza