[Samba] Samba as gateway MIT kerberos
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Oct 12 20:36:09 GMT 2004
On Tue, Oct 12, 2004 at 02:47:57PM -0500, Gerald (Jerry) Carter wrote:
> | --with-afs
> | --with-fake-kaserver
> | --with-krb5=base-directory
>
> Yes, but Volker is better suited to explain how it works.
> Or point you towards some documentation.
It's irrelevant whether you have kerberos enabled or not. The only thing to
make Samba a gateway to AFS is the option --with-fake-kaserver=yes. Setting
that enables Samba to act as a kaserver. Three things to be done for
configuration:
* You have to give Samba access to the AFS KeyFile. This might be a blocker for
you security-wise, but being a kaserver depends on being able to create
kerberos tickets. This is done via the command 'net afskey <keyfile>
<afs-cellname>'
* Set 'afs username map'. It is typically 'afs username map = %u at cellname'. %u
represents the windows username, the appropriate pts user has to exist after
being mapped.
* Set the parameter 'afs share = yes' for all samba shares handing out AFS
filespace.
Hope that helps,
Volker
More information about the samba
mailing list