I have been reading through the docs for Samba 3, and there is a lot of talk about how samba 3 can function in an AD domain as a member server and accept kerberos service tickets issued by an MS KDC. (net ads join, etc...)
I have a slightly different twist on a similar situation. I have an MIT kerberos realm set up and my Windows2000 PCs get tickets from this realm on login just fine. I would like to set up a samba server as purely a fileserver, and I want my PC clients to be able to mount samba shares using Kerberos service tickets issued by my MIT KDC. I know many more people are probably using AD as their KDC, but we want to decrease our reliance on AD. (That is the idea, isn't it? :-) ) It seems like this should work. Is this possible? If so, how do I configure the samba server? What do I tell my Kerberos admin to put in the keytab for samba? ie smbserver/[EMAIL PROTECTED] ???
As an addition, I am fine with managing my users locally on this samba server (as opposed to binding to an LDAP server). Our KDC has a large number of users in it, and I only want to give access to a very small subset of these users. I just want these users to be able to present a service ticket from our MIT realm as authentication instead of being prompted for a password.
any input would be greatly appreciated..
thanks
Aaron
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
