On Thu, 2005-05-26 at 09:05 -0500, Ti Leggett wrote: > The with Kerberos option is only to allow samba to authenticate to a > Microsoft Active Directory Kerberos server. You basically have two > options: keep using smbpasswd files or store the passwords in an LDAP > directory. It seems the recommended method by the Samba team is to use > LDAP. However, you can use the pam_smbpass module to keep smbpasswd > files updated with whatever other password methods you might use. > pam_smbpass does not work with LDAP stored passwords to my knowledge.
This advise has been updated in recent times, because we now optionally allow the use of a kerberos keytab. See the patch I just posted to do this without 'security=ads', particularly for unix clients. For windows clients, the advise holds unless you have managed to get your clients to use your 'not AD' KDC (possible, just painful), in which case it should also work. If you find that you can't get kerberos to work all the time, you can use Heimdal 0.7 pre-releases, and have Samba and Heimdal share an LDAP directory. This is particularly effective if you had the Samba passdb first. Some discussion of this option is at: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
