[Samba] samba,ldap and kerberos

Andrew Bartlett abartlet at samba.org
Sun Mar 21 11:50:15 GMT 2004

On Sun, 2004-03-21 at 22:43, Gémes Géza wrote:
> Hash: SHA1
> Andrew Bartlett írta:
> | On Fri, 2004-03-19 at 09:19, aarumuga arumugam wrote:
> |
> |>Hi Everybody,
> |>                We are integrating samba,kerberos and ldap
> |>samba-3.0.2a
> |>sun kerberos
> |>sun ldap
> |>all the three servers are on three different solaris machines.
> |
> |
> | In an unfortunate twist, Samba's kerberos support is *only* available
> | against active directory.  Even if you have somehow convinced your
> | windows client to talk kerberos against a unix KDC, Samba will only join
> | AD.
> OK that's understandable, but recently you have made some (Loriket)
> patches to Heimdal, and using them together with Heimdal's LDAP backend,
> would it be possible, to fool Samba into thinking that it joined AD, or
> Samba requires tickets containing MS PAC?

The heimdal patches were a different thing - in that case Samba is not
actually using Kerberos at all (but it is part of my plan to allow it).

As to looking like AD, there is much more to AD than LDAP+kerberos.  But
that does not stop us making a good stab at making LDAP+Kerberos viable
for unix clients, which we have some control over...

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040321/539aefdc/attachment.bin

More information about the samba mailing list