[Samba] Kerberos and Samba

Ganeshram Iyer ganeshramiyer at gmail.com
Fri Jan 7 19:53:05 GMT 2005 

[reply posted on bottom - hit reply instead of reply all. may be
double posted. apologies for that]


On Fri, 07 Jan 2005 11:49:04 +0100, Jörn Nettingsmeier
<pol-admin at uni-duisburg.de> wrote:
> Ganeshram Iyer wrote:
> > Hello all
> > I am running a RHEL AS server. I want to make this a Kerberos KDC
> > against which all windows clients can authenticate. Apart from this I
> > want to mount the shared folders on the individual windows clients on
> > to the RHEL server. I am assuming that I need to do this using Samba
> > (bear with me as I am a Linux newbie). what mode do I set Samba in to
> > do this? Would it need to authenticate against the KDC? I noticed a
> > realm setting in smb.conf. But all references to this parameter has
> > been in relation to Windows AD. Is it possible for me to have a single
> > location for authentication information while enabling users to view
> > shared folders on individual machines using Kerberos and Samba? I
> > would appreciate any suggestions/comments/ideas. If anyone thinks I am
> > going in the wrong direction I would appreciate any
> > tutorials/references on doing what I need to.
> > Thanks
> 
> 
> i investigated the same scenario a while ago, and came to the conclusion
> that kerberos support in samba is only there so that the samba server
> can join an active directory domain (i.e. it can be a kerberos/ADS
> *client*).
> 
> authenticating windows clients against a kerberos kdc seems to imply
> full active directory support, and samba cannot handle this at present.
> 
> (please, samba gurus, correct me if this is wrong!)
> 
> best,
> 
> jörn
> 
> 

Thanks for the reply jörn,
I really appreciate having anyones input. I have tried numerous mail
lists but never got a reply to this question. if this does not work,
then it does not work. but if i run samba in a share mode to smbmount
the windows folders onto linux/samba server then i will not have
single sign-on will I?

If you have any suggestions for me on how i can do this better I would
really appreciate it.

Thanks again
ganesh

More information about the samba mailing list