Hi All,
anyone else found that adding a Samba server to an AD domain appears to be
incompatible with using an AD Kerberos realm to provide other Kerberised services such
as NFS from the same UNIX host?
Problem I have is that when you join an AD domain thorough Samba 3.x net command
this creates a computer account in the AD to which the administrator does not know the
account password. If you following MS guidelines for configuring other UNIX Kerberised
services to authenticate against a Windows Kerberos realm (AD domain) you are
instructed to use a user account not a computer account because to generate a keytab
file for your Kerberised service you must know the password for the Kerberos/AD
account.
As you cannot have an AD computer account with the same name as an AD user account
it would seem to me that using Kerberised Samba is mutually exclusive with providing
generic Kerberised UNIX services from a single UNIX machine. Surely this will cause
many people problems if this is the case, have I missed something?
Microsoft instructions for creating keytabs are on this link,
<<Microsoft TechNet AD-UNIX Kerberos integration.url>>
many thanks Andy.
BBCi at http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain personal views which
are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy
or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors
e-mails sent or received.
Further communication will signify your consent to this.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
