Quoting G�mes G�za <[EMAIL PROTECTED]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Nyberg �rta: > | Hi! > | How do I configure smb.conf and/or Pam as a single sign on server if I > have a > | LDAP server with a Kerberos as password backend through gssapi? > | I only see either Samba/ldap as PDC or Samba/kerberos with ads on the > Internet. > | Not both at the same time? > | I've already configured samba with LDAP and Kerberos support. > Everything seams > | to works. I also configured Samba with ads and Pam support if needed? > | > Unfortunatelly not yet. > Windows clients need an MSPAC in their Kerberos tickets, and as usual > with M$ "inventions" they keep thats a trade secret, so currently only > AD Kerberos servers can do that. > However you can have a Heimdal Kerberos server (current snapshots) with > LDAP backend authenticate your UNIX users against NT password hashes. > For more info you can search the Heimdal or the Samba-technical mailing > lists. > > Cheers > > Geza
In that case one miss the whole point with Kerberos accept for UNIX and Mac OS X. Today I have 60 different UNIX, 45 Macintosh classic, 15 Macintosh OS X and 150 Windows 98/ME/NT/2000/XP. Maybe it's better to use ldap only until they have a fully Kerberized solution, or what�s you opinion? Peter Nyberg Institutionen f�r Biokemi och Biofysik Arrheniusv�gen 12 Tel: 08-16 24 69 Mobil: 070 339 24 69 Fax 153679 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
