[Samba] Kerberos and Samba

Aaron Rosenblum arosenbl at mac.com
Sat Apr 10 22:22:24 GMT 2004

What I think you are trying to do is have a Samba file server be a member of a Kerbreros (MIT) realm outside of the use of Active Directory.  In my experience, I have not been able to get this to work, since although samba seems to be able to use LDAP for user account information, it can't seem to be able to use an MIT based KDC authentication backend.  To do this, you would need to be able to install a keytab file on your samba server so it would work with your KDC.  I have not been able to figure out how to do this (although you can get it to work with an AD KDC).  I would love to hear otherwise because we need this ability for our site as well.


On Saturday, April 10, 2004, at 06:09AM, Sensei <senseiwa at tin.it> wrote:

>I've built an afs cell, a kerberos kdc, an openldap server, all 
>kerberized. Now all linux clients can login on the cell using k5 
>authentication, finding informations about their home dirs with ldap. 
>Their home reside on the afs cell, which allows r/w access since it 
>releases a token from the k5 ticket. All macosx clients can login as 
>well... but what about windows? ^___^;;; 
>I've been sent here from a kerberos group, telling me samba could be
>I'd like to avoid creating windows users on every windows client... and
>I know I can set up an AD server, creating users on kerberos/afs/ldap
>AND the same users on AD... quite long... 
>Is samba of any use? Can I grant tickets and tokens via samba, mapping
>windows home directories on the afs home dir? This information can be
>retrieved from openldap... 
>Any hint?
>Sensei    <mailto:senseiwa at tin.it>
>          <icqnum:241572242>
>          <msn-id:Sensei_Sen at hotmail.com>
>A)bort, R)etry, I)nfluence with large hammer.
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list