On 3/11/08 1:46 PM, "Wes Modes" <[EMAIL PROTECTED]> wrote: > I was told recently that Kerberos authentication won't work against a > non-windows KDC. Is that accurate? So for instance, it is not possible > for Samba running on say RHEL, to authenticate against a Linux server > running MIT Kerberos?
In general, it is not possible for *Samba* to authenticate against a MIT Kerberos server. Technically, it's not possible, period, with Samba 3. With Samba 4, I am less sure, but I would assume you are trying to work with Samba 3. > > Additionally, many people said that setting this up was > well-documented. Any suggestions of particularly good docs / how-to's?' If you are looking to integrate OpenLDAP and MIT Kerberos with Samba, one of the best guides I can think of is here: http://aput.net/~jheiss/krbldap/ It's a little old, and I had to change a few things to get everything working properly, but it does work. Note that Samba will still pickup passwords via OpenLDAP - It will NOT use Kerberos as a native authentication mechanism. The best you can do is either sync your Kerberos password with the sambaNTPassword attribute OR use Heimdal Kerberos, which I believe allows for storing the password database in OpenLDAP as a hash that Samba can use as well. It sort of defeats the original purpose of Kerberos, as the passwords still go across the wire, but at least it cuts down on the number of authentication databases that need to be maintained. > > And lastly, is there anyone here currently who's set up both Kerberos > authentication AND an OpenLDAP user/group data repository for their > Samba server? I'm not using Kerberos authentication for Samba, but I am using it for everything else, along with the OpenLDAP user/group data repository. It works quite well, as long as you can find a decent way to sync the passwords... > > W. -- +------------------------------------------------- | Sean Elble | Virginia Tech, Class of 2009 | President, VTLUUG | E-Mail: [EMAIL PROTECTED] | Web: http://www.sessys.com/~elbles/ | Cell: 860.946.9477 +-------------------------------------------------
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
