[Samba] Samba + (LDAP + Kerberos V)

Matt Joyce syslists at vtsystems.com
Wed Oct 20 18:12:46 GMT 2004

So like at least a handful of people before me I have begun the valiant 
struggle to unify logins at my place of business.

I have set up a test LDAP + Kerberos V cluster.

And I have set up a test Samba 3 PDC.

What I would like to do is get Samba to handle Kerberos ticket granting 
and authentication to the (LDAP + Kerberos V) Directory.  Such that 
Windows is completely unaware of the existence of Kerberos.  And, also 
such that I don't have to keep Samba domain passwords in LDAP and sync 
them to Kerberos in some sort of bizarre otherworldly failure in 
authentication unification.

(Pardon my attempts at prose I am working on 3 hours of sleep)

The question is really one of what you might suggest in terms of a 
design, particularly if you have tried and/or done this in the past.

I have heard at least with Samba 2 what I am trying is impossible.  Not 
sure with Samba 3.  I am wondering if the Active Directory support can 
be employed to my benefit in this manner.

Now, assuming the worst and Samba is incapable of handling Kerberos 
tickets, and assuming I manage to handle tickets in LDAP itself.... I 
can authenticate LDAP Samba users of Kerberos without having to keep a 
synced password db, correct?


