Hi Fergus, Look at the PDF included in the /doc directory source package of Samba caled HOWTO Collection, in the section 4.3.5 and 7.4 you will see how to do it.
I understand that just seting the 2 following parameters you say to AD to use Kerberos: security = ADS encrypt password = yes To test your kerberos conection you can use kinit and klist, usualy placed in /usr/kerberos/bin. [ ]'s On Saturday 15 November 2003 01:42, Fergus wrote: > Hi Fernando, > We are using Samba 3 and I got it to authenticate to ADS.. But the key > is to try and get it to authenticate to ADS using the alternative > kerberos mapping. When you do thi mapping in AD you can login using > kerberos credentials. I'm just not sure how to tell Samba to do this. > > Fergus > > -----Original Message----- > From: Fernando Fonseca [mailto:[EMAIL PROTECTED] > Sent: Friday, 14 November 2003 9:31 PM > To: Fergus McKenzie-Kay; [EMAIL PROTECTED] > Subject: Re: [Samba] ADS with Kerberos trust > > > Fergus, > > What version of Samba are you using? > > With the version 3.0 if you set ¨encrypt password = yes¨ in smb.conf you > will > tell it to use Kerberos, but I think that you already do it. > > Other parameter is the ¨security = ADS¨ that enable the search in ADS. > > On Friday 14 November 2003 04:18, Fergus McKenzie-Kay wrote: > > Hi, > > We have an environment where we use LDAP and Kerberos and we are > > having trouble setting up Samba with both of these. We also have a > > win2k Active Directory server that has all the users mapped to our > > kerberos realm. Unfortunately when we try and configure to use the > > Active Directory server for authentication it tries to use the native > > win2k password and not the kerberos realm mapping. I have tried to set > > > > the smb.conf to the kerberos realm and the password server to the KDC > > but I get: "session setup failed: NT_STATUS_NO_LOGON_SERVERS" > > > > Does anyone have any ideas how to make samba either use active > > directory with the username mappings to kerberos? Or simply use > > kerberos authentication while and LDAP authorisation? I believe the > > first solution would be easier as then AD would look after all the > > details.. whereas when we tried to setup samba talking to kerberos and > > > > ldap, the ldap config needed changing and samba had to know how to > > create users in kerberos and ldap. > > > > Any ideas would be appreciated. > > > > -- > > Fergus McKenzie-Kay <[EMAIL PROTECTED]> -- Fernando Fonseca Network Administrator Tel: +55(11)4039-9260 Triaton do Brasil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba