How will the users be authenticating? If you're going to be adding the machines to an NT domain and you want users to authenticate against that at login you will need to store all the samba account information including the nt password hash in there. So although you can still store your user info in LDAP, Kerberos won't be used for authentication.
If you don't care about domain stuff, then you can put the samba server into ADS mode and the Windows users can use their Kerberos tickets to get access. I'm not sure if this will work with MIT Kerberos on the client or if Microsoft Kerberos is required. The biggest pain with this is then managing local users on all the desktops whereas they are one in the same with an NT or AD domain. You might be able to use some pGina or scripting magic to help compensate for this last part. As a last thought, I seem to remember that you can have samba in user mode, set the domain, and it will still accept Kerberos credentials. I have not done this however. Hope this helps a bit, --Ryan On Tue, Jun 24, 2008 at 2:31 PM, Alex <[EMAIL PROTECTED]> wrote: > Hello Everyone, > > I have a question regarding Samba, Kerberos, and LDAP. Specifically, I would > like to have users authenticate through Samba using the existing information > stored in Kerberos and LDAP. According to the documents I have read, this is > similar to the mechanism used by Microsoft's Active Directory, which Samba > supports. However, I am completely confused on this issue: can MIT Kerberos > and OpenLDAP be used as a backend to Samba? I have no Windows servers on the > network, and attempts to authenticate against Kerberos have left all of the > smb tools responding "cannot find DC for domain" > > If necessary, I will post the configuration information, but at this point, > I only wish to find out if such a set up is currently possible. (I appolize > if this question is common, but I could not find any clear answer after 72 > hours of searching). > > Sincerely, > Alex > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
