[Samba] Samba to Kerberos via OpenLDAP

[Eduardo Sachs]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wes Modes,

Look this howto about Kerberized OpenLDAP, Samba PDC and Squid:
http://eduardosachs.org/mediawiki/index.php?title=Heimdal_Kerberos_%2B_Samba_PDC_%2B_OpenLDAP_%2B_Squid_no_Debian_Etch


But, it's only portuguese :(

[]'s

Wes Modes escreveu:
> First, I'll just say this is a question principally about the arcane
> mysteries of Samba to OpenLDAP authentication.
> I've had Samba to OpenLDAP authentication running for a while now using
> the samba.schema and the ldapsam module.  Now I'd like to understand a
> bit more about how that works in order to take it a step further and get
> openLDAP to bind against a Kerberos database via SASL.
> 
> An aside;  Yes, I'd heard that Samba can be configured to authenticate
> against Kerberos directly, but for my own reasons, I'd prefer that Samba
> talk only to OpenLDAP, and OpenLDAP can do the authentication.  I'll
> fall back on the Samba to Kerberos direct route if I can't find a way to
> do what I want.
> 
> I've noted that the Samba schema and smbldap-tools add to the user
> record two Samba specific password fields,  sambaNTPassword and
> sambaLMPassword.
> If I have the ldapsam module specified as the passdb backend in
> smb.conf, is OpenLDAP merely storing the samba passwords while Samba
> does the password comparisons?  Or does OpenLDAP do the authentication
> and return a yes or no?
> 
> Is it possible to have Samba defer authentication to OpenLDAP?  If so, I
> can have OpenLDAP use the {SASL} method to do authentication via kerberos.
> 
> Wes
> 

- --
Eduardo Sachs
(51) 9262-3803
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH0ltmKB6+7l7CbHURAlb9AJ9J8DX8CeV9YLsRbIcCspP2oI3T3ACgqpQ4
KGpIQrpWdxbZaO4TvPXERVA=
=6OOw
-----END PGP SIGNATURE-----