[Samba] samba,ldap and kerberos

Andrew Bartlett abartlet at samba.org
Sun Mar 21 11:50:15 GMT 2004


On Sun, 2004-03-21 at 22:43, Gémes Géza wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Andrew Bartlett wrote:
> | On Fri, 2004-03-19 at 09:19, aarumuga arumugam wrote:
> |
> |>Hi Everybody,
> |>                We are integrating samba, kerberos and ldap
> |>samba-3.0.2a
> |>sun kerberos
> |>sun ldap
> |>all the three servers are on three different solaris machines.
> |
> |
> | In an unfortunate twist, Samba's kerberos support is *only* available
> | against active directory.  Even if you have somehow convinced your
> | windows client to talk kerberos against a unix KDC, Samba will only join
> | AD.
> 
> OK that's understandable, but recently you have made some (Lorikeet)
> patches to Heimdal, and using them together with Heimdal's LDAP backend,
> would it be possible to fool Samba into thinking that it joined AD, or
> does Samba require tickets containing MS PAC?

The heimdal patches were a different thing - in that case Samba is not
actually using Kerberos at all (but it is part of my plan to allow it).

As to looking like AD, there is much more to AD than LDAP+kerberos.  But
that does not stop us making a good stab at making LDAP+Kerberos viable
for unix clients, which we have some control over...

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net