[Samba] Samba as a PDC with LDAP and Kerberos
Franco "Sensei"
senseiwa at tin.it
Fri Apr 22 23:52:39 GMT 2005
Ti Leggett wrote:
> I've been searching and researching this and I can't seem to find the
> answers I'm looking for. I'd like to set up a Samba PDC that Windows
> clients will join. The PDC will use an LDAP backend to get authorization
> information (username, home directory, etc). The authentication portion
> is handled by an MIT Kerberos KDC. I think I'm real close to having it
> all together but I'm not sure. I have the Windows client set up to point
> at my KDC so authentication *should* be coming from there once the
> authorization portion is going.
Hehehe, it's been a year trying to do that... but no way! I'm sorry to
tell you, but what you want is a replacement of AD... in no way will Windows
know about LDAP and MIT without an AD domain.
> So first question is, are sambaLMPassword and sambaNTPassword still
> needed in LDAP for each user?
>
> Here's the output from ksetup /dumpstate:
>
> Machine is not configured to log on to an external KDC. Probably a
> workgroup member
> EXAMPLE.COM:
> kdc = <kdc1 server>
> kdc = <kdc2 server>
> kpasswd = <kpasswd server>
> Realm Flags = 0x0 none
> No user mappings defined.
Users must be somewhere to get HKEY_LOCAL* to work... and they should be
local users (the MIT KDC authentication works this way).
> Second, here's what I have in LDAP so far:
> [...]
> I've done a smbpasswd -w <hidden samba_server password>
>
> I can do a net getlocalsid and it will get the correct SID out of LDAP.
Correct.
> However, when I try to join my Windows client to the EXAMPLE.COM domain,
> I can see the ldap queries happening, but the Windows client reports an
> invalid username.
Yes. Active Directory is not there... and it wants AD. There is no way you can
fake AD, even though it's Kerberos, LDAP and SMB + natural-flavours...
--
Sensei <mailto:senseiwa at tin.it> <pgp:8998A2DB>
The difference between stupidity and genius is that genius has its limits.
Albert Einstein