[Samba] Samba + (LDAP + Kerberos V)
Matt Joyce
syslists at vtsystems.com
Wed Oct 20 18:12:46 GMT 2004
So like at least a handful of people before me I have begun the valiant
stugle to unify logins at my place of business.
I have setup a test LDAP + Kerberos V cluster.
And I have Setup a test Samba 3 PDC.
What I would like to do is get Samba to handle kerberos ticket granting
and authentication to the (LDAP + Kerberos V) Directory. Such that
Windows is completely unaware of the existence of Kerberos. And, also
such that I don't have to keep samba domain passwords in ldap and sync
them to kerberos in some sort of bizarre otherworldly failure in
authentication unification.
(Pardon my attempts at prose I am working on 3 hours of sleep)
The question is really one of what you might suggest in terms of a
design, particularly if you have tried and/or done this in the past.
I have heard at least with samba 2 what I am trying is impossible. Not
sure with Samba 3. I am wondering if the Active Directory support can
be employed to my benefit in this manner.
Now, assuming the worst and samba is incapable of handling kerberos
tickets, and assuming i manage to handle tickets in ldap itself.... I
can authenticate LDAP Sambe users of Kerberos without having to keep a
synced password db correct?
-Matt
More information about the samba
mailing list