On Tue, 2005-08-09 at 04:10 +1000, Andrew Bartlett wrote:
> On Fri, 2005-08-05 at 16:41 -0400, [EMAIL PROTECTED] wrote:
> > We have an existing samba server with many userids, using NTLM
> > authentication (stored in OpenLDAP). We would like to add many other
> > userids, which will authenticate against an existing MIT kerberos server.
> > Each of our customers will have either an NTLM-based userid/password, or
> > a kerberos-based userid/password, but never both.
> >
> > We would like both kinds of userids to work with the same samba server.
> > e.g. in a PC lab, if a customer enters [EMAIL PROTECTED]
> > it should authenticate against our kerberos server, and allow access
> > to that user's Samba space; if another customer enters NTLMUserid,
> > it should authenticate using NTLM (stored in our OpenLDAP), and
> > allow access to that user's Samba space.
> >
> > Is this possible?
>
> This should be possible, if you set up samba into the kerberos realm with
> cifs/.... and host/.... entries. Put 'use kerberos keytab = yes' in
> your smb.conf, and it should sort of work.
>
> Have a play, see how you go.

I should note that getting Windows to accept the login is entirely your
problem - see the MIT/Windows interop stuff, but I've never dealt with
that.

My other proposal is to move to a Heimdal kerberos server, and share the
arcfour-hmac-md5 (aka NT hash) keys with Samba, so that Samba does NTLM
authentication, but you can do kerberos to non-Windows clients.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
