Brian Davidson wrote: > As Jeffrey said, > MIT + standalone windows works if you map Kerb principal to user on the > Windows box.
This means adding users on the windows clients... just the thing I want to avoid :) > MIT + AD also works, if you set up cross-realm auth (AD trusts MIT, MIT > doesn't trust AD works) This is another thing: creating an AD server, and for all newly created principal/afs users I will have to create a user on the AD server... A middle-way solution... > This last issue isn't doable at this point, because of the PAC issue. > OpenLDAP isn't sufficient to replace AD. [...] > > I suggest that you also check with the Samba group, as I think they've > been working on solving this problem. Ok, I'll try some samba groups... > I'm pretty sure you'll have to > run Kerberos and LDAP on the same box (whenever someone gets it > working), and quite possibly Samba too. AFS, Kerberos and LDAP are currently on the same server... and I'll keep it so... ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
