Cédric CACHAT írta:
Hello,
this is the first time I write to the samba list and I hope my
question is not off topic.
I want to set up a samba server to replace an Active Directory for my
Windows workstations.
So far, I have a LINUX network that works perfectly, all my users are
stored in a LDAP server and their authentication is done against a MIT
Kerberos server. Hence all users have a valid kerberos ticket when
they log onto a machine in the Network.
I want to include my Windows machines inside my linux network. From
what I understood, Samba can fake an AD so Windows authentication at
login is done agafile:/home/kingainst the Samba server.
I think only Samba 4 allows this process, so here we go with the
questions:
- when is samba 4 stable version due (with a good howto)? I was
extatic when I found
http://samba.iasi.roedu.net/docs/man/Samba4-HOWTO/ but was disapointed
when I found out it was yet to be written!
- can Samba use my existing LDAP & Kerberos servers to authenticate
users? From what I saw, Samba 4 has an imbedded LDAP server and I
couldn't figure out how to point to my own server. But I'm ain't no
genius!
- I ran a few test with Samba 4 but I couldn't activate a user account
so a smbclient command shows
Connection to \\masterfiler\data failed - NT_STATUS_ACCOUNT_DISABLED
Hope somebody knows the answers to those questions, and I hope I was
clear enough. If such is not the case, don't hesitate to ask me for
some more information.
Thanks
Cédric
Unfortunately Samba4 is still not ready for production use, it misses a
few things yet to be written. However it seems, that at least the
initial few releases will use its own modified version of Heimdal for
kerberos pruposes, and its own Ldap server.
So for now the best thing I could recomend to you would be to have a
Samba3+OpenLDAP+Heimdal setup, because this way you will be able to use
the same passwordhashes for authenticating your kerberos and samba
users. However in this way your Windows clients will consider your
Samba3 domain as an NT4 domain (not AD).
If you are interested in this setup I would recomend:
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
Regards
Geza
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
