[Samba] AD Auth, but Unix users and groups
Gerald (Jerry) Carter
jerry at samba.org
Mon Oct 22 14:01:54 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fajar,
> I'm a newbie, so pls pardon me if I'm saying something here.
> AFAIK, security = ADS is used when we want our samba to
> act as "middle-man" only, that is it forwards the authentication
> request to the AD. So, it's self doesn't do the authentication.
Not correct. When performing Krb5 authentication in an AD
domain, smbd decrypts the service ticket oin the client's session
setup request to validate the user. The DC is not contacted
at all. You are referring to security = domain or other NTLM
based auth mechanisms.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHHK1SIR7qMdg1EfYRAleKAKCluPUiwOV2BYgLi2feAiZ/ixw3IgCgp6Fy
ZRkCoNh+ZmTjYiKoAMwXA/s=
=d6Fy
-----END PGP SIGNATURE-----
More information about the samba
mailing list