[Samba] Samba to Kerberos via OpenLDAP

Adam Tauno Williams adamtaunowilliams at gmail.com
Sat Mar 8 14:37:35 GMT 2008


> Look this howto about Kerberized OpenLDAP, Samba PDC and Squid:
> http://eduardosachs.org/mediawiki/index.php?title=Heimdal_Kerberos_%2B_Samba_PDC_%2B_OpenLDAP_%2B_Squid_no_Debian_Etch
> But, it's only portuguese :(

There are numerous howtos and documents about this;  it gives you a
directory service enabled network that gives you *BOTH* Kerberos and NT4
domain authentication.  But it doesn't make Windows use Kerberos,
Windows will only use domain authentication.

> > talk only to OpenLDAP, and OpenLDAP can do the authentication.  I'll
> > fall back on the Samba to Kerberos direct route if I can't find a 
> > way to do what I want.

You can't.

> > I've noted that the Samba schema and smbldap-tools add to the user
> > record two Samba specific password fields,  sambaNTPassword and
> > sambaLMPassword.
> > If I have the ldapsam module specified as the passdb backend in
> > smb.conf, is OpenLDAP merely storing the samba passwords while Samba
> > does the password comparisons?  Or does OpenLDAP do the 
> > authentication and return a yes or no?

No.  Samba does the authenticaiton using OpenLDAP as a credential and
identity store.

> > Is it possible to have Samba defer authentication to OpenLDAP?  If 
> > so, I can have OpenLDAP use the {SASL} method to do authentication
> > via kerberos.

You can make OpenLDAP use Kerberos for authentication,  that is well
documented.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org



More information about the samba mailing list