[Samba] samba3 and kerberos authentication of users

Andrew Bartlett abartlet at samba.org
Fri May 27 07:23:28 GMT 2005


On Thu, 2005-05-26 at 09:05 -0500, Ti Leggett wrote:
> The with Kerberos option is only to allow samba to authenticate to a
> Microsoft Active Directory Kerberos server. You basically have two
> options: keep using smbpasswd files or store the passwords in an LDAP
> directory. It seems the recommended method by the Samba team is to use
> LDAP. However, you can use the pam_smbpass module to keep smbpasswd
> files updated with whatever other password methods you might use.
> pam_smbpass does not work with LDAP stored passwords to my knowledge.

This advice has been updated in recent times, because we now optionally
allow the use of a Kerberos keytab.  See the patch I just posted to do
this without 'security=ads', particularly for Unix clients.  For Windows
clients, the advice holds unless you have managed to get your clients to
use your 'not AD' KDC (possible, just painful), in which case it should
also work.

If you find that you can't get Kerberos to work all the time, you can
use Heimdal 0.7 pre-releases, and have Samba and Heimdal share an LDAP
directory.  This is particularly effective if you had the Samba passdb
first.

Some discussion of this option is at:
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net