[Samba] Samba 4

Gémes Géza geza at kzsdabas.sulinet.hu
Thu Aug 25 14:05:46 GMT 2005


Cédric CACHAT írta:

> Hello,
>
> this is the first time I write to the samba list and I hope my 
> question is not off topic.
> I want to set up a samba server to replace an Active Directory for my 
> Windows workstations.
> So far, I have a LINUX network that works perfectly, all my users are 
> stored in a LDAP server and their authentication is done against a MIT 
> Kerberos server. Hence all users have a valid kerberos ticket when 
> they log onto a machine in the Network.
> I want to include my Windows machines inside my linux network. From 
> what I understood, Samba can fake an AD so Windows authentication at 
> login is done agafile:/home/kingainst the Samba server.
> I think only Samba 4 allows this process, so here we go with the 
> questions:
> - when is samba 4 stable version due (with a good howto)? I was 
> extatic when I found 
> http://samba.iasi.roedu.net/docs/man/Samba4-HOWTO/ but was disapointed 
> when I found out it was yet to be written!
> - can Samba use my existing LDAP & Kerberos servers to authenticate 
> users? From what I saw, Samba 4 has an imbedded LDAP server and I 
> couldn't figure out how to point to my own server. But I'm ain't no 
> genius!
> - I ran a few test with Samba 4 but I couldn't activate a user account 
> so a smbclient command shows
> Connection to \\masterfiler\data failed - NT_STATUS_ACCOUNT_DISABLED
>
> Hope somebody knows the answers to those questions, and I hope I was 
> clear enough. If such is not the case, don't hesitate to ask me for 
> some more information.
>
> Thanks
>
> Cédric

Unfortunately Samba4 is still not ready for production use, it misses a 
few things yet to be written. However it seems, that at least the 
initial few releases will use its own modified version of Heimdal for 
kerberos pruposes, and its own Ldap server.
So for now the best thing I could recomend to you would be to have a 
Samba3+OpenLDAP+Heimdal setup, because this way you will be able to use 
the same passwordhashes for authenticating your kerberos and samba 
users. However in this way your Windows clients will consider your 
Samba3 domain as an NT4 domain (not AD).
If you are interested in this setup I would recomend:
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

Regards

Geza


More information about the samba mailing list