[Samba] Samba-3 openldap gssapi auth to kerberos
geza at kzsdabas.sulinet.hu
Wed Apr 7 16:00:55 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Peter Nyberg írta:
| Quoting Gémes Géza <geza at kzsdabas.sulinet.hu>:
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Peter Nyberg írta:
|>| How do I configure smb.conf and/or Pam as a single sign on server if I
|>| LDAP server with a Kerberos as password backend through gssapi?
|>| I only see either Samba/ldap as PDC or Samba/kerberos with ads on the
|>| Not both at the same time?
|>| I've already configured samba with LDAP and Kerberos support.
|>| to works. I also configured Samba with ads and Pam support if needed?
|>Unfortunatelly not yet.
|>Windows clients need an MSPAC in their Kerberos tickets, and as usual
|>with M$ "inventions" they keep thats a trade secret, so currently only
|>AD Kerberos servers can do that.
|>However you can have a Heimdal Kerberos server (current snapshots) with
|>LDAP backend authenticate your UNIX users against NT password hashes.
|>For more info you can search the Heimdal or the Samba-technical mailing
| In that case one miss the whole point with Kerberos accept for UNIX
and Mac OS X.
| Today I have 60 different UNIX, 45 Macintosh classic, 15 Macintosh OS
X and 150
| Windows 98/ME/NT/2000/XP. Maybe it's better to use ldap only until
they have a
| fully Kerberized solution, or whats you opinion?
Currently you can see the benefits from Kerberos only at UNIX (MacOsX is
also *NIX) hosts :-( .
It is up to you to use that advantage, or stick with an LDAP only (still
very good) solution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba