[Samba] Kerberos and Samba
Ganeshram Iyer
ganeshramiyer at gmail.com
Sat Jan 8 03:42:53 GMT 2005
Thank jörn and Andrew,
Apologies for hitting reply only. I did not mean to do this and once i
had sent the email, I resent it to the group.
Thanks again for your replies. The suggestions and comments were very
much what I was looking for. jörn's reply was what I had tried earlier
and for the life of me I could not get Windows users to be able to
change passwords from the Windows machine. It kept telling them that
they did not have the permission to change their own passwords. As for
LDAP, for some reason I was unable to get SAMBA to even authorize
against the LDAP DB. I am a bit of a Linux newbie (i am mainly a part
time Windows administrator) and so am working with a new enviroment.
Thanks for the link. I will try and see if I can implement that better.
Ganesh
On Sat, 08 Jan 2005 07:40:07 +1100, Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2005-01-05 at 17:50 -0600, Ganeshram Iyer wrote:
> > Hello all
> > I am running a RHEL AS server. I want to make this a Kerberos KDC
> > against which all windows clients can authenticate.
>
> There are two ways to do this:
>
> You can use an MIT KDC, in the way described by Microsoft, but this has
> nothing to do with Samba, and in fact is not compatible with Samba CIFS
> access (bugs, mostly simple...).
>
> The other option is to use Heimdal kerberos, and back that onto your
> Samba LDAP sever. That way, you use the same passwords for both. Then
> your Unix clients can use pam_krb5, and your windows clients can use
> Samba Domain authentication.
>
> https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at samba.org
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
>
>
>
More information about the samba
mailing list