Andrew Bartlett wrote:
On Thu, 2004-04-22 at 22:29, Dan Hill wrote:

Andrew Bartlett wrote:

On Thu, 2004-04-15 at 21:47, Diego Julian Remolina wrote:


If you want to see the order on how to compile them and get them to work
then look at:

http://www.math.gatech.edu/~dijuremo/ldap/

If you have a Native Windows PDC and samba is acting as a secondary then
you can have kerberos authentication against the windows PDC kerberos.
This is done with a cross-realm authentication trick as I was told by
Gerald Carter (one of the developers of samba).
Samba 3 does not support kerberos auths without having a Windows PDC with
Active Directory.  If you do not have a native windows pdc then you need
to authenticate against the passwords stored in tdbsam or ldapsam but not
on kerberos.


See, this is the trick I've been talking about.  Technically, Samba can
use kerberos without a windows DC, but there are some silly, (and some
not quite so silly) reasons why that's not an option right now.

However, you can add Kerberos to your existing Samba LDAP server.  That
is, if you run Heimdal 0.6.1 (or better still a snapshot) you can use
your sambaNTpassword as the type 23 encryption key, and have
linux/unix/OSX clients use kerberos.

Andrew Bartlett



Thanks for the link.


Is it very difficult to add the Kerberos support after an LDAP Samba PDC/BDC setup has been configured and in production mode?


Samba won't know the difference - but the new Heimdal KDC however will
operate on exactly the same passwords!

You could even do it on a read-only LDAP slave, if you don't intend to
change passwords (password changes are probably best done by Samba only
at this point).

Andrew Bartlett


Firstly, sorry about not sending my above message to the list. I guess I hit reply rather than reply-all.


Thanks. I will be giving Heimdal a try.

~Dan
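
Added example, not part of the original thread and not Samba or Heimdal code: it shows why the stored sambaNTpassword value can serve directly as the "type 23" (arcfour-hmac-md5) key mentioned above, since that key is the unsalted MD4 of the UTF-16LE password. The function names and the sample attribute value are constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFF

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def md4(data: bytes) -> bytes:
    """MD4 (RFC 1320), written out because some hashlib builds no longer ship it."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64) + struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (  # (boolean function, additive constant, shifts, word order)
        (lambda b, c, d: (b & c) | (~b & d), 0, (3, 7, 11, 19),
         list(range(16))),
        (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999, (3, 5, 9, 13),
         [4 * (i % 4) + i // 4 for i in range(16)]),
        (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1, (3, 9, 11, 15),
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, const, shifts, order in rounds:
            for i, k in enumerate(order):
                a = _rol((a + f(b, c, d) + x[k] + const) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate registers for the next step
        h = [(u + v) & MASK for u, v in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """NT hash: MD4 over the UTF-16LE password, with no salt, realm or principal."""
    return md4(password.encode("utf-16-le"))

def etype23_key(samba_nt_password: str) -> bytes:
    """Key bytes for arcfour-hmac-md5, decoded from the stored hex attribute."""
    key = bytes.fromhex(samba_nt_password.strip())
    if len(key) != 16:
        raise ValueError("expected 32 hex digits (16-byte NT hash)")
    return key

# Constructed sample: the attribute value an account with password "password" would hold.
SAMPLE_ATTR = "8846F7EAEE8FB117AD06BDD830B7586C"

if __name__ == "__main__":
    print(etype23_key(SAMPLE_ATTR) == nt_hash("password"))
```

Because the key is unsalted and identical to the stored attribute, read access to that attribute on any LDAP server or replica is equivalent to holding the principal's etype 23 key, so the directory ACLs on it matter as much as the KDC database permissions.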