[Samba] Samba + (LDAP + Kerberos V)
Tarjei Huse
tarjei at nu.no
Thu Oct 21 07:53:30 GMT 2004
Hi,
> >>
> >> You can read more about it at:
> >> https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
> >>
I would be very happy for any input and suggestions to the howto.
Tarjei
> >>
> >>> Now, assuming the worst and samba is incapable of handling kerberos
> >>> tickets, and assuming I manage to handle tickets in ldap itself....
> >>> I can authenticate LDAP Samba users of Kerberos without having to
> >>> keep a synced password db correct?
> >>>
> >>> -Matt
> >>
> >>
> >>
> >> Cheers
> >>
> >> Geza
> >>
> > yeah that's almost decent documentation for ldap + kerberos but says
> > absolutely nothing about samba 3.
> >
> >
> That's very easy to explain, because if you follow it you will have your
> kerberos using Samba's MD4 password hash, and so all of your *nix and
> Windows machines will use the same password. However as Samba3 is able to
> emulate an NT4 DC, Windows clients don't try, nor are successful in using
> kerberos against it. So you can have something like in the following
> ASCII graphic:
> [ASCII diagram garbled in the archive: boxes labelled LDAP, Samba, Heimdal, *nix client and Windows client, connected by arrows]
>
> Hope this helps to clarify the situation in a pre-Samba4 world.
>
> Cheers,
>
> Geza
Mob: 920 63 413
-- A Mathematician is a machine for turning coffee into theorems. - Paul Erdös