[Samba] Kerberos and Samba

Ganeshram Iyer ganeshramiyer at gmail.com
Sat Jan 8 03:42:53 GMT 2005

Thank jörn and Andrew,
Apologies for hitting reply only. I did not mean to do this and once i
had sent the email, I resent it to the group.

Thanks again for your replies. The suggestions and comments were very
much what I was looking for. jörn's reply was what I had tried earlier
and for the life of me I could not get Windows users to be able to
change passwords from the Windows machine. It kept telling them that
they did not have the permission to change their own passwords. As for
LDAP, for some reason I was unable to get SAMBA to even authorize
against the LDAP DB. I am a bit of a Linux newbie (i am mainly a part
time Windows administrator) and so am working with a new enviroment.
Thanks for the link. I will try and see if I can implement that better.


On Sat, 08 Jan 2005 07:40:07 +1100, Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2005-01-05 at 17:50 -0600, Ganeshram Iyer wrote:
> > Hello all
> > I am running a RHEL AS server. I want to make this a Kerberos KDC
> > against which all windows clients can authenticate.
> There are two ways to do this:
> You can use an MIT KDC, in the way described by Microsoft, but this has
> nothing to do with Samba, and in fact is not compatible with Samba CIFS
> access (bugs, mostly simple...).
> The other option is to use Heimdal kerberos, and back that onto your
> Samba LDAP sever.  That way, you use the same passwords for both.  Then
> your Unix clients can use pam_krb5, and your windows clients can use
> Samba Domain authentication.
> https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
> Andrew Bartlett
> --
> Andrew Bartlett                                 abartlet at samba.org
> Authentication Developer, Samba Team            http://samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net

More information about the samba mailing list