[Samba] Win Integration: possible solution?

Adam Tauno Williams adam at morrison-ind.com
Sat Jul 31 14:54:12 GMT 2004


> I'm still looking for a possible integration of MIT K5 and AFS through
> the windows login, so I will ask you a question.
> A first considerations is that afs+k5 works fine but we have to create a
> local account with a fake password. The profile will be on the local
> disk. We can gain tickets and the token necessary to access \\AFS. The
> problem is: how to avoid a local account?

You can't.  You'd need Samba to be able to perform a domain account login (using
the Kerberos SAM) and then acquire a ticket on the clients behalf.  You can't do
this (yet).
 
> What about samba? I don't know, but maybe some of you can help me with
> this solution. Samba can be a gateway being a windows domain. 

Sort of, but it can't do things a PDC can't do - like Kerberos.  Samba is an NT4
domain controller not an ADS.

> we set windows to look for a remote profile instead of the local one, so
> that we mimic what we do on afs, k5 and setting login on a mit kdc?
> But... how to do this?

You can dig out what information exists on "lorikeet",  but it is not (yet) a
real/complete solution.


More information about the samba mailing list