On Wed, 2003-10-22 at 10:07, Aaron Rosenblum wrote: > Hi, > > I have been reading through the docs for Samba 3, and there is a lot > of talk about how samba 3 can function in an AD domain as a member > server and accept kerberos service tickets issued by an MS KDC. (net > ads join, etc...) > I have a slightly different twist on a similar situation. I have an > MIT kerberos realm set up and my Windows2000 PCs get tickets from this > realm on login just fine. I would like to set up a samba server as > purely a fileserver, and I want my PC clients to be able to mount samba > shares using Kerberos service tickets issued by my MIT KDC. I know > many more people are probably using AD as their KDC, but we want to > decrease our reliance on AD. (That is the idea, isn't it? :-) ) It > seems like this should work. Is this possible? If so, how do I > configure the samba server? What do I tell my Kerberos admin to put in > the keytab for samba? ie smbserver/[EMAIL PROTECTED] ???
This needs work - Jeremy was looking into the matter, but I'm not sure what state it got to. That said, if you have the windows side taking the kerberos tickets, the rest only a matter of unwinding samba's 'not using the keytab' work. > As an addition, I am fine with managing my users locally on this samba > server (as opposed to binding to an LDAP server). Our KDC has a large > number of users in it, and I only want to give access to a very small > subset of these users. I just want these users to be able to present a > service ticket from our MIT realm as authentication instead of being > prompted for a password. Only users in /etc/passwd will be authenticated. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
