[Samba] Samba as gateway MIT kerberos

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Oct 12 20:36:09 GMT 2004

On Tue, Oct 12, 2004 at 02:47:57PM -0500, Gerald (Jerry) Carter wrote:
> | --with-afs
> | --with-fake-kaserver
> | --with-krb5=base-directory
> Yes, but Volker is better suited to explain how it works.
> Or point you towards some documentation.

It's irrelevant whether you have kerberos enabled or not. The only thing to
make Samba a gateway to AFS is the option --with-fake-kaserver=yes. Setting
that enables Samba to act as a kaserver. Three things to be done for

* You have to give Samba access to the AFS KeyFile. This might be a blocker for
  you security-wise, but being a kaserver depends on being able to create
  kerberos tickets. This is done via the command 'net afskey <keyfile>

* Set 'afs username map'. It is typically 'afs username map = %u at cellname'. %u
  represents the windows username, the appropriate pts user has to exist after
  being mapped.

* Set the parameter 'afs share = yes' for all samba shares handing out AFS

Hope that helps,


More information about the samba mailing list