[Samba] OpenLDAP, heimdal kerberos, sasl, which order?

José Ildefonso Camargo Tolosa icamargo at merkurio.com.ve
Wed Apr 14 06:50:28 GMT 2004


I have been reading for about two weeks (maybe I'm reading in the wrong
places).  I have found as many documents as one could expect describing
how to build an LDAPv3 server, or how to build samba with ldap.  Thus
far, I have failed, and have a BIG confusion about the order in which the
things should go:

In one document, they recommend this:

samba -> ldap -> sasl -> kerberos (so, the passwords get stored in the
kerberos database, at least that's what they say, but..... does the
samba schema do this in fact? will the samba passwords be kept in
the kerberos database?, or does it just store the passwords in the ldap's

In another (simpler):

samba -> ldap
kerberos -> ldap (thus, storing the kerberos passwords in the ldap 

All that I'm trying to do is to get a PDC with a directory service, but
I need it to be secure (that's why I'm bothering with kerberos).
Anyway, I would like to know: in which order should I build the thing?:

Build orders:

1. kerberos, next sasl, next ldap, next samba (configured for samba -> 
ldap -> sasl -> kerberos).
2. ldap, next samba (just samba -> ldap,  without kerberos password 

Also, if I use option 1, should the Windows clients use a kerberos
client, or do they just log in as usual?  Has anybody tested something like

My system:

+ Athlon XP 1500+, 512Mb RAM (133).

+ Slackware 9.1 (with kernel 2.6.5), and most recent upgrades of all 
+ OpenLDAP 2.2.8
+ kerberos: MIT kerberos 1.3.2 (read somewhere that it has thread
issues, I'm thinking of moving to heimdal, any suggestions?), heimdal 0.6.1.
+ samba 3.0.2a
+ cyrus sasl 2.1.18
+ Berkeley DB 4.2.52
+ OpenSSL 0.9.7d.

Thanks in advance for your help,


Ildefonso Camargo
icamargo at merkurio.com.ve

