On Mon, Nov 21, 2005 at 09:16:38AM +0100, Torsten Homeyer wrote:
> Adam D. Morley wrote:
> >On Thu, Nov 10, 2005 at 07:39:42AM +0100, Torsten Homeyer wrote:
> 
> >Great!  I notice two options:
> >
> >with_pam and with_ldap
> >
> >Are either of those needed in order for Windows XP clients to log on to
> >the Samba member server?  Or does Samba implement the needed "hooks" to
> >handle user authentication against the Windows 2003 AD domain?  Which I
> >assume to be LDAP/Kerberos?
> >
> >Or does one need to enable LDAP and PAM so that PAM can push the
> >authentication to Kerberos on the AD DCs, and the user/group lookup to
> >the AD DCs?
> 
> No, you don't need those modules to have Windows XP clients attach to 
> your Samba server. You just have to join the Domain and start winbindd.
> 
> The authentication of local users on that Samba box against a Windows AD 
> is another issue which I have not used yet.

Hi,

It seems that attaching to the domain probably won't work (at least from
my cursory reading of the Samba example --- I have to set up the AD test
box yet):

http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm

Says I need Kerberos support to join the domain using the AD protocols,
but Samba from OpenPKG doesn't link against Kerberos (system or OpenPKG
provided), maybe because MIT isn't thread safe (or is it now?  I haven't
been keeping up, I just remember that for a while only Heimdal was):

bash-3.00# /opt/openpkg/sbin/smbd -d |grep KRB
bash-3.00# /opt/openpkg/sbin/smbd -d |grep LDAP

(but LDAP can be easily fixed with --with-ldap=yes).

Has anyone out there used OpenPKG to provide AD-connected Samba member
servers that authenticate the users against AD and get the UID from LDAP
(Windows or *nix, we currently use OpenLDAP anyways, so...)?

Thanks,

-- 
adam
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
User Communication List                      openpkg-users@openpkg.org
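
Added example, not part of the original message or of OpenPKG: a shell check for the build-option test discussed above that reports an empty or unrelated listing separately from a listing that really lacks Kerberos, LDAP or ADS support. It assumes the listing comes from `smbd -b` (Samba's build-options switch) and that a Samba 3 build reports the symbols HAVE_KRB5_H, HAVE_LDAP_H and WITH_ADS; the function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Classify Samba build-option text read from stdin.
# Usage on a real host:  /opt/openpkg/sbin/smbd -b | check_ads_build
# Return codes: 0 = all features needed for an ADS join are compiled in
#               1 = listing is valid but a required feature is missing
#               2 = input is empty or not a build-options listing
check_ads_build() {
    opts=$(cat)
    # No HAVE_ symbols at all means the command printed nothing useful
    # (wrong switch, error on stderr); do not read that as "feature absent".
    printf '%s\n' "$opts" | grep -q 'HAVE_' || return 2
    missing=""
    # Symbol names are an assumption about what the build reports.
    for sym in HAVE_KRB5_H HAVE_LDAP_H WITH_ADS; do
        printf '%s\n' "$opts" | grep -qw "$sym" || missing="$missing $sym"
    done
    [ -z "$missing" ] && return 0
    echo "missing:$missing" >&2
    return 1
}

# Constructed sample: a build with Kerberos, LDAP and ADS support.
SAMPLE_FULL='Build environment:
   Built by:    builder@example
--with Options:
   WITH_ADS
   WITH_WINBIND
Headers:
   HAVE_KRB5_H
   HAVE_LDAP_H
   HAVE_UNISTD_H'

# Constructed sample: a build without Kerberos (and therefore without ADS).
SAMPLE_NO_KRB='Build environment:
   Built by:    builder@example
--with Options:
   WITH_WINBIND
Headers:
   HAVE_LDAP_H
   HAVE_UNISTD_H'
```

A return code of 2 means the check itself needs to be rerun, not that the package has to be rebuilt.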
