[Samba] Configure Samba 3 to auth off a MIT KDC.

wichmannk wichmannk at jva-sr.bayern.de
Mon Sep 27 11:08:49 GMT 2004


When i use the Samba Version 3.0.6-2 , must i use the patch too?
And i think you must insert "use kerberos keytab = yes" in the smb.conf.

Karl Heinz Wichmann

----- Original Message ----- 
From: "Andrew Bartlett" <abartlet at samba.org>
To: "Bruce Marriner" <bmarriner at appss.com>
Cc: <samba at lists.samba.org>
Sent: Saturday, September 25, 2004 7:29 AM
Subject: Re: [Samba] Configure Samba 3 to auth off a MIT KDC.

On Sat, 2004-09-25 at 03:45, Bruce Marriner wrote:
>      I have a Samba 3 server running as my domain controller and want to 
> configure it to authenticate user passwords off a MIT KDC server that
> is already up and running. 

What are the clients?  How do they get their kerberos tickets?

Such a setup is possible, and I've attached my proposed patch.  

To use the patch export kerberos keys into the local keytab for
cifs/hostname@, and (I think) hostname$@.  Then set 'kerberos use keytab
= yes' in your smb.conf.

What will not work however is clients that expect to do an NTLM login,
and have us somehow pass that to a KDC.

Another option is my patch and the Heimdal snapshots with Samba support,
which can allow Samba to use it's password DB for NTLM logins, and for
Heimdal to use the same password database for kerberos tickets.

Andrew Bartlett

Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net

More information about the samba mailing list