Does this mean it would work if I 'domain join'ed an existing M$ ADS? another Samba ADS? My own Samba ADS? Perhaps if it were a Win2K client?
Thanks in advance. This should go a long way towards eliminating/replacing M$ in the workplace. On 11 Oct 2003 11:28:58 +1000 Andrew Bartlett <[EMAIL PROTECTED]> wrote: > On Sat, 2003-10-11 at 05:55, Mike wrote: > > What I'm trying to accomplish is: > > > > 1. kinit [EMAIL PROTECTED] for krbtgt > > 2. smbclient -k -L someserver > > > > Server accepts tgt, extrapolates user info., and accepts authen. > > > > > > This is an attempt at Microsoft server-free directory/kerberos > > implementation. These steps work if using M$ server/ADS, so the > > smbclient understands it. > > > > Server accepts kerb. ticket, extrapolates principal, performs ldap > > query on principal name for additional data, and accepts kerb. as > > valid authen. > > > > Suggestions? > > When Jeremy completes his work to allow us to use the existing host > keytab, this should 'just work'. But for now, it doesn't, as we need > to domain join password in secrets.tdb, which we add by joining the > ADS realm. > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
