[Samba] Samba + (LDAP + Kerberos V)
Gémes Géza
geza at kzsdabas.sulinet.hu
Wed Oct 20 20:07:11 GMT 2004
Matt Joyce írta:
> So like at least a handful of people before me I have begun the
> valiant stugle to unify logins at my place of business.
>
> I have setup a test LDAP + Kerberos V cluster.
>
> And I have Setup a test Samba 3 PDC.
>
> What I would like to do is get Samba to handle kerberos ticket
> granting and authentication to the (LDAP + Kerberos V) Directory.
> Such that Windows is completely unaware of the existence of Kerberos.
> And, also such that I don't have to keep samba domain passwords in
> ldap and sync them to kerberos in some sort of bizarre otherworldly
> failure in authentication unification.
>
> (Pardon my attempts at prose I am working on 3 hours of sleep)
>
> The question is really one of what you might suggest in terms of a
> design, particularly if you have tried and/or done this in the past.
>
> I have heard at least with samba 2 what I am trying is impossible.
> Not sure with Samba 3. I am wondering if the Active Directory support
> can be employed to my benefit in this manner.
>
You can read more about it at:
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
> Now, assuming the worst and samba is incapable of handling kerberos
> tickets, and assuming i manage to handle tickets in ldap itself.... I
> can authenticate LDAP Sambe users of Kerberos without having to keep a
> synced password db correct?
>
> -Matt
Cheers
Geza
More information about the samba
mailing list