Hi,
> >>
> >> You can read more about it at:
> >> https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
> >>
I would be very happy for any input and suggestions to the howto.

Tarjei
> >>
> >>> Now, assuming the worst and samba is incapable of handling kerberos
> >>> tickets, and assuming i manage to handle tickets in ldap itself....
> >>> I can authenticate LDAP Samba users of Kerberos without having to
> >>> keep a synced password db correct?
> >>>
> >>> -Matt
> >>
> >> Cheers
> >>
> >> Geza
> >
> > yeah that's almost decent documentation for ldap + kerberos but says
> > absolutely nothing about samba 3.
> >
>
> That's very easy to explain, because if you follow it you will have your
> kerberos using Samba's MD4 password hash, and so all of your *nix and
> windows machines will use the same password. However as Samba3 is able to
> emulate an NT4 DC, Windows clients don't try, nor are successful in using
> kerberos against it. So you can have something like in the following
> ASCII graphic:
>
> [ASCII diagram garbled in the archive; its boxes were labelled LDAP,
> Samba, Heimdal, *nix client and Windows client, joined by arrows]
>
> Hope this helps to clarify the situation in a pre-Samba4 world.
>
> Cheers,
>
> Geza
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
> Mob: 920 63 413
--
A Mathematician is a machine for turning coffee into theorems. - Paul Erdös