[Samba] Samba + (LDAP + Kerberos V)

Gémes Géza geza at kzsdabas.sulinet.hu
Wed Oct 20 20:07:11 GMT 2004

Matt Joyce írta:

> So like at least a handful of people before me I have begun the 
> valiant stugle to unify logins at my place of business.
> I have setup a test LDAP + Kerberos V cluster.
> And I have Setup a test Samba 3 PDC.
> What I would like to do is get Samba to handle kerberos ticket 
> granting and authentication to the (LDAP + Kerberos V) Directory.  
> Such that Windows is completely unaware of the existence of Kerberos.  
> And, also such that I don't have to keep samba domain passwords in 
> ldap and sync them to kerberos in some sort of bizarre otherworldly 
> failure in authentication unification.
> (Pardon my attempts at prose I am working on 3 hours of sleep)
> The question is really one of what you might suggest in terms of a 
> design, particularly if you have tried and/or done this in the past.
> I have heard at least with samba 2 what I am trying is impossible.  
> Not sure with Samba 3.  I am wondering if the Active Directory support 
> can be employed to my benefit in this manner.

You can read more about it at:

> Now, assuming the worst and samba is incapable of handling kerberos 
> tickets, and assuming i manage to handle tickets in ldap itself.... I 
> can authenticate LDAP Sambe users of Kerberos without having to keep a 
> synced password db correct?
> -Matt



More information about the samba mailing list