On Wed, 2010-09-08 at 00:07 +0930, Indexer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> After a bit of research and sniffing about, I am curious as to what it would
> take to run Samba3 with kerberos (MIT or Heimdal) as the password backend
>
> http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-samba-servers.html
> Shows how you can use share mode ADS, with krb5 auth. Is it possible to use
> any KDC as the "password server = linux.kdc" , and if so, is there a way to
> generate the needed host / service principals for the samba server to "fool"
> samba into thinking it is part of an AD setup? What principals would they be?

The 'password server' command refers to either a CIFS server on which to
conduct a 'man in the middle' attack on the NTLM authentication stream,
when security=server, or the DC to contact when 'security=domain'.

It is not relevant to Kerberos authentication, which relies instead on a
locally stored keytab or password, shared with the KDC.

You can set up Samba to accept tickets issued somehow to your clients by
an MIT or Heimdal KDC. See 'kerberos method' in your smb.conf for the
documentation.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
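
The distinction drawn in the reply above, as an added example that is not part of the original message or of Samba: a small audit of an smb.conf [global] section that reports NTLM pass-through (security=server) and whether 'kerberos method' actually reads a keytab. The 'kerberos method' values and the 'dedicated keytab file' parameter are taken from the smb.conf manual page rather than from this thread; the sample config and the finding codes are constructed for illustration.

```python
# Added example: SAMPLE_CONF is constructed and the finding codes are made up here.
KEYTAB_METHODS = {"systemkeytab", "dedicatedkeytab", "secretsandkeytab"}

SAMPLE_CONF = """
[global]
   security = server
   Password Server = linux.kdc
   kerberos method = dedicated keytab
[share]
   path = /srv/share
"""

def norm(name):
    # smb.conf ignores case and whitespace inside section and parameter names.
    return "".join(name.split()).lower()

def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            params[norm(key)] = value.strip()
    return params

def audit(text):
    """Return a list of (code, message) findings for the [global] section."""
    p = parse_global(text)
    security = p.get("security", "").lower()
    method = norm(p.get("kerberosmethod", ""))
    uses_keytab = method in KEYTAB_METHODS
    findings = []
    if security == "server":
        findings.append(("NTLM_PASSTHROUGH", "security=server hands the NTLM exchange to the 'password server'"))
    if "passwordserver" in p and uses_keytab:
        findings.append(("PWSERVER_NOT_KERBEROS", "'password server' plays no part in checking Kerberos tickets"))
    if not uses_keytab:
        findings.append(("NO_KEYTAB", "'kerberos method' does not read a keytab"))
    if method == "dedicatedkeytab" and "dedicatedkeytabfile" not in p:
        findings.append(("KEYTAB_FILE_MISSING", "'dedicated keytab' is set without 'dedicated keytab file'"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE_CONF):
        print(code, "-", message)
```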