> I'm still looking for a possible integration of MIT K5 and AFS through > the windows login, so I will ask you a question. > A first considerations is that afs+k5 works fine but we have to create a > local account with a fake password. The profile will be on the local > disk. We can gain tickets and the token necessary to access \\AFS. The > problem is: how to avoid a local account?
You can't. You'd need Samba to be able to perform a domain account login (using the Kerberos SAM) and then acquire a ticket on the clients behalf. You can't do this (yet). > What about samba? I don't know, but maybe some of you can help me with > this solution. Samba can be a gateway being a windows domain. Sort of, but it can't do things a PDC can't do - like Kerberos. Samba is an NT4 domain controller not an ADS. > we set windows to look for a remote profile instead of the local one, so > that we mimic what we do on afs, k5 and setting login on a mit kdc? > But... how to do this? You can dig out what information exists on "lorikeet", but it is not (yet) a real/complete solution. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
