[Samba] Samba authentication against Linux-based Kerberos

David Markey dmarkey at dodds.dmarkey.com
Tue Sep 1 09:25:30 MDT 2009

Use the popular heimdal, openldap + smbk5pwd, samba3 combo

This will keep samba/ldap/kerberos passwords in sync no matter how or where
the password is changed.

Otherwise you could do some pam hackery, perhaps stacking pam_winbind and
pam_krb5 for password changing. You would have to do this on all the nodes
on your network. and for the windows side of things you could write a
password change script, which would be called by samba on a password

On Tue, 01 Sep 2009 16:48:01 +0200, Robert Markula <robert.markula at gmx.net>
> Hi,
> please consider the following situation in a heterogenous, Windows
> Server-less network, where users use both Windows and Linux:
> - On Windows users authenticate against a Samba 3.3.2 PDC with tdbsam
> backend.
> - On Linux users authenticate against a combination of OpenLDAP and
> Kerberos.
> This, of course, brings up the old problem that users have to
> synchronise their passwords manually for both Windows and Linux.
> The ideal solution would be that Samba would just support authentication
> against Linux-based Kerberos, but (correct me if I'm wrong) that doesn't
> seem possible with Samba3.
> Is there anything else that can be done? So if users on Windows can't
> use Linux-based Kerberos for SSO, maybe there is at least a way for
> users to change their passwords on one OS and get it automatically
> synced for the other (i.e. if a user changes his password on a Windows
> machine it gets automatically changed for his Linux account as well and
> vice versa)?
> Cheers,
> Robert

More information about the samba mailing list