[Samba] OpenLDAP, heimdal kerberos, sasl, which order?
José Ildefonso Camargo Tolosa
icamargo at merkurio.com.ve
Wed Apr 14 06:50:28 GMT 2004
Hi!
I have been reading for about two weeks (maybe I'm reading in the wrong
places). I have found as many documents as one could expect describing
how to build an LDAPv3 server, or how to build samba with ldap. Thus
far, I have failed, and have a BIG confusion about the order in which the
things should go:
In one document, they recommend this:
samba -> ldap -> sasl -> kerberos (so, the passwords get stored in the
kerberos database, at least that's what they say, but..... does the
samba schema do this in fact? Will the samba passwords be kept in
the kerberos database, or does it just store the passwords in the ldap's
database?).
In another (simpler):
samba -> ldap
and:
kerberos -> ldap (thus, storing the kerberos passwords in the ldap
(duh...)).
All that I'm trying to do is to get a PDC with a directory service, but
I need it to be secure (that's why I'm bothering with kerberos).
Anyway, I would like to know: in which order should I build the thing?
Build orders:
1. kerberos, next sasl, next ldap, next samba (configured for samba ->
ldap -> sasl -> kerberos).
2. ldap, next samba (just samba -> ldap, without kerberos password
storing).
Also, if I use option 1, should the windows clients use a kerberos
client, or do they just log in as usual? Has anybody tested something like
this?
My system:
Hardware:
+ Athlon XP 1500+, 512Mb RAM (133).
Software:
+ Slackware 9.1 (with kernel 2.6.5), and most recent upgrades of all
packages.
+ OpenLDAP 2.2.8
+ kerberos: MIT kerberos 1.3.2 (read somewhere that it has thread
issues, I'm thinking of moving to heimdal, any suggestions?), heimdal 0.6.1.
+ samba 3.0.2a
+ cyrus sasl 2.1.18
+ Berkeley DB 4.2.52
+ OpenSSL 0.9.7d.
Thanks in advance for your help,
Sincerely,
Ildefonso Camargo
icamargo at merkurio.com.ve