Hi, Thanks for your help, and sorry, cause i didn't explain myself well...
I know that they're all different services. And want I want to do it's put all of them working together, OpenAFS + LDAP and SMB + LDAP. I think that OpenAFS and SMB don't have to work together /and they're not made to work together either), but I have to use LDAP to "synchronize" all the account on both services (SMB and OpenAFS). My doubt was, if I could now install LDAP and use it with OpenAFS that is already installed! Hope I don't have problem with it... Not having to use kerberos5 it's good news! This is an academic project, and I only need the other things working, I don't need lot's of security! Joining SMB with LDAp is easy? Where can I found a manual for that? And how do I integrate LDAP in Openafs now? Once again, thanks for your help! Luis Bivar Ramos -----Original Message----- From: Jason C. Wells [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 26 de Maio de 2004 5:49 To: lbramos Cc: afs Subject: Re: [OpenAFS] Another Doubt - LDAP and SMB On Wed, 26 May 2004, lbramos wrote: > Hi, > > Now that i have afs running, is it possible to "add" LDAP and SMB? yes, but why? see below > Or i have to do everything from scratch again? (please say no... :S) no, see below > Where can i look up for this? many places, the edu domains are a great resource for this sort of info. > For LDAP do i really need kerberos5? Or can i work with the original > version that comes with afs? no, see below. You are confusing things. OpenAFS does not come with LDAP. > Please let me know if you need more information. You choose OpenAFS instead of SMB. You can certainly run an SMB server on your network if you so choose. OpenAFS and SMB are not related. (not in a way that matters to your question) You can also run an LDAP server on your network. You can also run a Kerberos server on your network. For LDAP, you do not need kerberos. For kerberos, you do not need LDAP. However, Kerberos and LDAP can be made to interoperate in vary flexible ways. When you say "original version" do you mean to say "use the kaserver to authenticate users?" Do every_what_ by scratch again? If my answers seem cryptic it is because the questions that you are asking relate to about 40 different possible answers that you may desire. You need to separate the different functionalities of the different servers that you spoke of. Let me clarify: 1 - OpenAFS is a distributed file system, like CIFS but way more powerful. 2 - SMB (aka CIFS) is a networked file system. 3 - Kerberos is an authentication system. 4 - LDAP is a directory protocol. It's a glorified phone book. The real question you are driving at is, "How can I use all of these different protocols on my network?" Or perhaps, "Can these different protocols interoperate on my network?" To address the interoperability issue I can give you some examples. I do not use the OpenAFS native authentication called "kaserver". I use the MIT Kerberos V5 server for authentication. I have one OpenLDAP server running on my network but it is purely experimental at this time and none of my other systems interoperate with it. I don't run SMB at all on my network. Some users store Kerberos data in an LDAP directory. Some users might grant access to an LDAP directory based on a proper authentication via Kerberos. Windows Active Directory perform both LDAP and Kerberos functions. Based on AD authentication, Windows SMB servers grant access to clients. You have to first understand that each piece of software you asked about performs a specific function. Do you need that specific function on your network? Making all of this stuff interoperate is not a task for the faint hearted. It is extremely difficult. It requires a pretty good understanding of each individual component before you can really start making things interoperate in way that is useful to you. Later, Jason C. Wells _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
