SAMBA wrote:
| What I would like to do is:
| (1) direct authentication to AD KDC

Winbindd provides NTLM authentication only at the moment. One of the developers is working on extending that in pam_winbind. For now you would use pam_krb5 if you need to enable kerberos auth for Unix services. Note that smbd supports ticket based authentication for file and print services when joined to an AD domain.

| (2) referencing AD LDAP for account info

Sure. Try 3.0.21rc1 for the latest set of improvements.

| (3) writing any mapped SID to UID/GID in SFU extended Active Directory
| LDAP, instead of local database.

Winbindd won't write to an SFU enabled AD but it will use the info if you use the ad idmap backend.

| I've been digging through published and online documents,
| but most documentation is oriented to old-school PDC. I
| want to avoid NTLM and PDCs of the past for security and
| performance reasons (NTLM single DES vs. Kerberos triple
| DES for instance)

Windows 2000 and 2003 prefer RC4-HMAC and don't support 3des for kerberos encryption types.

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us." --anonymous
