[Samba] Kerberos authentication for non-windows KDCs
Jeremy Allison
jra at samba.org
Wed Mar 12 23:03:30 GMT 2008
On Wed, Mar 12, 2008 at 06:38:35PM -0400, Sean P. Elble wrote:
>
> That said, this is the problem I have run into with my attempt to learn how
> to combine Samba, OpenLDAP, and Kerberos. It's not terribly difficult to
> integrate the three, but the Holy Grail of using MIT Kerberos (or Kerberos
> of any variety, really) on Windows as a member of a Samba domain to
> authenticate to a Samba server seems to be something we will only
> see with Samba 4. Please correct me if I am wrong in saying that, but that
> is how it has appeared to me for quite some time.
No, that's correct. Windows needs the integrated krb5+LDAP+DynDNS+DCE/RPC
etc. pretending to be Active Directory before it will use krb5 tickets.
ie. Use of krb5 in the client has been deliberately tied to using Microsoft
servers (or servers that fool the client well enough that it believes
they are Microsoft servers).
Jeremy.
More information about the samba
mailing list