On Mon, 2004-03-22 at 23:46, ww m-pubsyssamba wrote: > Can anyone tell me if I can configure Samba 3.x to rely only on Kerberos > authentication (in an AD domain)? > Ideally I'd like to use local UNIX accounts, not winbind, and negate the need for me > to add an entry to passdb, then the > account must exist in AD and locally on each Samba member server for authentication > to work. > If there is any info held in passdb, other than the NTLM coded password, which must > exist for Samba to work then I'd > like to either enter an unusable password or disable NTLM authentication completely. > Reason for my second request > is if I am forced to have users in passdb I don't want to have to worry about the > data being world readable from a > security perspective.
I meant to talk to you earlier about this. It is quite OK to have a system that does not use winbind, and you can still use all the authentication mechanisms. You can set 'security=domain' and even 'security=ads' without winbind. You can also run winbindd (which helps security=domain's performance) without winbind in nsswitch. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
