[Samba] NT coexistence scenario with kerberized SAMBA and MIT single-signon
Sascha Siekmann
Sascha.Siekmann at scalix.com
Thu Oct 26 19:08:34 GMT 2006
Hello,
thanks for the time to read this.
I am doing a proof of concept in the following context.
I have an NT 4.0 domain and because I don't want AD, I am moving towards
a MIT Kerberos managed domain which still gives me SSO and, through
kerberized SAMBA, file sharing.
What I have set up so far is XP workstations SSO into the MIT Kerberos
domain, I can access shares on the Samba server without being prompted
for username / password and I can also mount shares from the NT domain
into my Samba server, which then shares it with my MIT domain clients. This
is all working fine.
The question I have is, does anyone see any obvious problems with the
last statement? So what I am doing here is basically smbmount the remote
NT server's share (e.g. //ntsrv/docs) into /mnt/smb/docs and then put
this into smb.conf. I am doing this because I am running in
security = domain mode and not security = ads, as I understand this applies
specifically to Active Directory. Plus, when I tried that I was never
able to join the domain against my MIT Kerberos domain.
I use

    [kerberos]
        comment = Insert a comment here
        path = /mnt/smb/docs
        valid users = @demo
        public = yes
        writable = yes
        printable = no
        create mask = 0765

This gives me exactly what I want in terms of SSO, but the question is: Is
this sane and is it going to scale for, say, a couple hundred users?
Thanks for any insights,
Sascha.
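
An added example, not part of the original post: a Python audit that reads the share definition above together with a constructed mount table and reports any share whose path sits on an SMB client mount (the re-export described in the post), plus its guest and create-mask settings. It is relevant because requests that pass through such a re-export reach the NT server under the single account used for smbmount, not the end user's; the mount-table lines and function names are assumptions made for the illustration.

```python
import configparser
import posixpath

# Constructed inputs: the relevant lines of the share from the post, and a
# mount table in /proc/mounts layout (device, mount point, fs type, options).
SMB_CONF = """
[kerberos]
path = /mnt/smb/docs
valid users = @demo
public = yes
writable = yes
create mask = 0765
"""
MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
//ntsrv/docs /mnt/smb/docs smbfs rw 0 0
"""

def smb_client_mounts(mount_table):
    """Return {mount_point: device} for smbfs/cifs entries."""
    found = {}
    for line in mount_table.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] in ("smbfs", "cifs"):
            found[posixpath.normpath(fields[1])] = fields[0]
    return found

def audit_shares(conf_text, mount_table):
    """Return (share, finding) tuples for re-exports, guest access, loose masks."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    mounts = smb_client_mounts(mount_table)
    findings = []
    for share in parser.sections():
        opts = parser[share]
        path = posixpath.normpath(opts.get("path", fallback=""))
        for point, device in mounts.items():
            if path == point or path.startswith(point + "/"):
                findings.append((share, f"re-exports {device} mounted at {point}"))
        # 'public' is a synonym for 'guest ok' in smb.conf
        guest = opts.get("guest ok", fallback=opts.get("public", fallback="no"))
        if guest.strip().lower() in ("yes", "true", "1"):
            findings.append((share, "guest access enabled"))
        mask = int(opts.get("create mask", fallback="0744"), 8)  # 0744 is Samba's default
        if mask & 0o007:
            findings.append((share, f"create mask {mask:04o} grants bits to 'other'"))
    return findings

if __name__ == "__main__":
    print(*audit_shares(SMB_CONF, MOUNTS), sep="\n")
```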