Re: [Samba] Samba authentication against Linux-based Kerberos
David Markey wrote: Otherwise you could do some pam hackery, perhaps stacking pam_winbind and pam_krb5 for password changing. You would have to do this on all the nodes on your network. and for the windows side of things you could write a password change script, which would be called by samba on a password change. Thanks David! Heimdal Kerberos is - in our case - no solution, as we're using MIT Kerberos. So it's either some pam hackery (in which case the distribution of the changes would pose no problems as all of our nodes are configured centrally via cfengine) or we'll leave it the way it is (advising users to change their passwords twice). I'll have a look at it and see if I've got the time to dig deeper into this topic. If anybody has ever done such a thing - don't be shy and share your knowledge! Cheers, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba authentication against Linux-based Kerberos
Hi, please consider the following situation in a heterogenous, Windows Server-less network, where users use both Windows and Linux: - On Windows users authenticate against a Samba 3.3.2 PDC with tdbsam backend. - On Linux users authenticate against a combination of OpenLDAP and Kerberos. This, of course, brings up the old problem that users have to synchronise their passwords manually for both Windows and Linux. The ideal solution would be that Samba would just support authentication against Linux-based Kerberos, but (correct me if I'm wrong) that doesn't seem possible with Samba3. Is there anything else that can be done? So if users on Windows can't use Linux-based Kerberos for SSO, maybe there is at least a way for users to change their passwords on one OS and get it automatically synced for the other (i.e. if a user changes his password on a Windows machine it gets automatically changed for his Linux account as well and vice versa)? Cheers, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba authentication against Linux-based Kerberos
Use the popular heimdal, openldap + smbk5pwd, samba3 combo This will keep samba/ldap/kerberos passwords in sync no matter how or where the password is changed. Otherwise you could do some pam hackery, perhaps stacking pam_winbind and pam_krb5 for password changing. You would have to do this on all the nodes on your network. and for the windows side of things you could write a password change script, which would be called by samba on a password change. On Tue, 01 Sep 2009 16:48:01 +0200, Robert Markula robert.mark...@gmx.net wrote: Hi, please consider the following situation in a heterogenous, Windows Server-less network, where users use both Windows and Linux: - On Windows users authenticate against a Samba 3.3.2 PDC with tdbsam backend. - On Linux users authenticate against a combination of OpenLDAP and Kerberos. This, of course, brings up the old problem that users have to synchronise their passwords manually for both Windows and Linux. The ideal solution would be that Samba would just support authentication against Linux-based Kerberos, but (correct me if I'm wrong) that doesn't seem possible with Samba3. Is there anything else that can be done? So if users on Windows can't use Linux-based Kerberos for SSO, maybe there is at least a way for users to change their passwords on one OS and get it automatically synced for the other (i.e. if a user changes his password on a Windows machine it gets automatically changed for his Linux account as well and vice versa)? Cheers, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba