On Tuesday 29 November 2005 11:18, Aaron Grewell wrote: > > > To reiterate -- we have a 'working' Samba server for the ADS domain of > > > which it is a member -- it just doesn't authenticate users who present > > > credentials from the MIT realm trusted by that domain which are mapped > > > in the AD of the member domain to AD accounts when the credentials are > > > presented by Windows clients. > > > > I have not addressed this type of configuration in any of the official > > documentation as I consider this to be well outside of normal scope. If > > someone is willing to contribute a chapter on Kerberos to ADS integration > > involving Samba this will be most welcome. > > This configuration is not as uncommon as it may seem. Many universities > have existing Kerberos implementations and use Microsoft's 'AltSecID' > setup to map SIDs to Kerberos Realm userid's in order to maintain single > sign-on. We do this quite often at UW. I didn't think Samba supported > this configuration at all, so I've never actually tried to make it work. > Are you saying it ought to work?
I have not tried it and thus have no personal knowledge to work from, that's a key reason I asked for contributed input. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
