On Wed, 2005-01-12 at 12:17 +0100, Jukka Salmi wrote: > Andrew Bartlett --> samba (2005-01-12 21:52:48 +1100): > > On Tue, 2005-01-11 at 18:10 +0100, Jukka Salmi wrote: > > > GÃmes GÃza --> samba (2005-01-10 21:29:44 +0100): > > > > > > I don't know anything about how Win clients authenticate, but I managed > > > to configure a Win2k client to obtain a TGT from a Heimdal kdc during > > > login. This is quite well documented somewhere on Microsoft's website. > > > > > > Would be great if this ticket allowed the client to access samba shares... > > > > I've posted a patch here a number of times that should allow that, > > however if you set 'security=ads' and 'kerberos use keytab=yes', it > > should work... > > Hmm, does this mean that with 'security=ads' and 'kerberos use keytab=yes' > it should work _without_ the patch?
Should, might. I've attached my proposed patch, it apparently even worked for someone... You will need to export the cifs/my.full.name principal into the keytab, plus any others that the client may want to use. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
