[Samba] Samba and Heimdal Kerberos V Authentication

Asier Baranguán abaranguan at elpagestion.com
Mon Dec 11 09:09:48 GMT 2006


On Monday, 11 December 2006 02:46, Matt Skerritt wrote:

> Like you, I would like to have the setup described below. I believe
> this setup is possible, and the client and server setup side of it is
> described at
>
> http://sial.org/howto/kerberos/windows/
>
> (which was also linked earlier in this thread). I am yet to set samba
> up to do kerberos authentication as described, but I did successfully
> join a Windows XP client to my MIT KDC as described.

Then you can join Windows XP to MIT KDC, but not to a Samba PDC. Oops, that's 
a big problem because a Samba PDC is... emmm... a PDC :-)

> The biggest problem that I've found so far is that as soon as you
> join your windows clients to the non-windows kerberos KDC, then that
> client is no longer in a domain, and all users and groups have to be
> local to the machine. 

Uhhh... the drawbacks are big... I can't even /test/ this kind of setup: I 
can't deal without login scripts, domain users, domain groups and so on.

> have a running samba domain with roaming profiles, system policy and
> the like - all of which was unavailable to the machines

System policies? How did you implement them? Following the 
http://wiki.samba.org/index.php/Implementing_System_Policies_with_Samba 
instructions or with other software?

In my setup, users with portable computers must have roaming profiles and some 
specific setup, and users with PCs must have their personal folder redirected 
to a [home] share. I think I can get it with KiXtart 
(http://www.kixtart.org/index.asp), different user groups and some scripting, 
but perhaps with system policies too.

Excuse me for being such a beggar, but I'm beginning with Samba O:-)

> I hope that's at least a little helpful to you.

Yes, you've saved me a lot of time. 

Thanks!
-- 
Asier.

