On Thu, 2003-10-09 at 22:55, paul k wrote: > John H Terpstra wrote: > > > On Wed, 8 Oct 2003, Mike wrote: > > > > > >>I've setup samba to use ldap. > >>I've propogated the directory. > >>I've setup the kerberos realm. > >> > --snipp---- > > > However, I'd appreciate a crystal clear understanding of precisely what > > you are trying to implement and how you want it to work. > > > > - John T. > > Just guessing, > > -Setting up samba as PDC > -Setting up (MIT) kerberos > -Setting up LDAP > > -Storing account Information in LDAP > -Creating a service ticket in kerberos like smbd/host.foo > -Exporting to a keytab and telling samba where to look for > -ksetup W2k SP3+ to use MIT REALM and map the principal to the > sambaaccount in LDAP > -authenticate to samba PDC with kerberos credentials obtained from the KDC
I think the last part will be the problem - really, you need to do the full AD stuff for this. While it's a long way from production, there is some work being done in this area. Really, you should just use the NT domain stuff, and keep the passwords in sync for now. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
