On Sat, 11 Oct 2003, Mike wrote: > Does this mean it would work if I 'domain join'ed an existing M$ ADS? > another Samba ADS? My own Samba ADS? Perhaps if it were a Win2K > client?
Samba can not be an ADS server - FYI. - John T. > > Thanks in advance. This should go a long way towards > eliminating/replacing M$ in the workplace. > > On 11 Oct 2003 11:28:58 +1000 > Andrew Bartlett <[EMAIL PROTECTED]> wrote: > > > On Sat, 2003-10-11 at 05:55, Mike wrote: > > > What I'm trying to accomplish is: > > > > > > 1. kinit [EMAIL PROTECTED] for krbtgt > > > 2. smbclient -k -L someserver > > > > > > Server accepts tgt, extrapolates user info., and accepts authen. > > > > > > > > > This is an attempt at Microsoft server-free directory/kerberos > > > implementation. These steps work if using M$ server/ADS, so the > > > smbclient understands it. > > > > > > Server accepts kerb. ticket, extrapolates principal, performs ldap > > > query on principal name for additional data, and accepts kerb. as > > > valid authen. > > > > > > Suggestions? > > > > When Jeremy completes his work to allow us to use the existing host > > keytab, this should 'just work'. But for now, it doesn't, as we need > > to domain join password in secrets.tdb, which we add by joining the > > ADS realm. > > > > Andrew Bartlett > > > > -- > > Andrew Bartlett [EMAIL PROTECTED] > > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > > Student Network Administrator, Hawker College [EMAIL PROTECTED] > > http://samba.org http://build.samba.org http://hawkerc.net > > > > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
