[Samba] NT coexistence scenario with kerberized SAMBA and MIT single-signon

Sascha Siekmann Sascha.Siekmann at scalix.com
Thu Oct 26 19:08:34 GMT 2006


thanks for the time to read this.

I am doing a proof of concept in the following context.

I have a NT 4.0 domain and because I don't want AD, I am moving towards 
a MIT Kerberos managed domain which still gives me SSO and thru 
kerberized SAMBA, file sharing.

What I have setup so far is XP workstations SSO into the MIT Kerberos 
domain, I can access shares on the Samba server without being prompted 
for username / password and I can also mount shares from the NT domain 
into my Samba server who then shares it with my MIT domain clients. This 
is all working fine.

The question I have is, does anyone see any obvious problems with the 
last statement. So what I am doing here is basically smbmount the remote 
NT servers share (e.g. //ntsrv/docs) into /mnt/smb/docs and then put 
this into smb.conf. I am doing this because I am running in 
security=domain mode and not security = ads as I understand this applies 
specifically to Active Directory. Plus, when I tried that I was never 
able to join the domain against my MIT Kerberos domain.

I use

         comment = Insert a comment here
         path = /mnt/smb/docs
         valid users = @demo
         public = yes
         writable = yes
         printable = no
         create mask = 0765

This gives me exact what I want in terms of SSO, but the question is: Is 
this sane and is it going to scale for, say, a couple hundred users.

Thanks for any insights,


More information about the samba mailing list