Samba 4, LDAP and KRB

[Andrew Bartlett]

On Mon, 2005-08-29 at 11:03 +0200, Cédric CACHAT wrote:
> Hello,
> 
> I was advised to subscribe to this mailing list so here is a copy of the 
> message I sent to the general samba list to describe what I am trying to 
> achieve:
> I want to set up a samba server to replace an Active Directory for my 
> Windows workstations.
> So far, I have a LINUX network that works perfectly, all my users are 
> stored in a LDAP server (openldap) and their authentication is done 
> against a MIT Kerberos server. Hence all users have a valid kerberos 
> ticket when they log onto a machine in the Network.
> I want to include my Windows machines to my linux network.
>  From what I understood, Samba can fake an AD so Windows authentication 
> at login is done against the Samba server.
> So here we go with the questions:
> - can Samba use my existing LDAP & Kerberos servers to authenticate 
> users? 

Not without modification.  Even when we get good mapping modules in
place it's won't be a drop into existing infrastructure, as there is so
much more data to store.  I hope we will be able to produce a compromise
modal which can 'bolt onto' an existing corporate LDAP server, but this
doesn't exist yet.  In the short term, it is a replacement LDAP server.

Samba will provide it's own kerberos server, based off the data in it's
LDB.

Finally, for a file-server role, we will be able to be in a MIT realm.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050829/307afca1/attachment.bin