Hello again, Ideally, I would have the users authenticate with the existing log ins in LDAP/Kerberos. The users already have access to their own machines, but need a mechanism to be able to access the shared data that they already have on Linux (these are roaming laptops, profiles and network login and unneeded).
In case I am not clear, I do not need Samba to be a domain controller. In fact, I don't need a domain. I just want to use the existing user information available in LDAP and Kerberos, and expose it to Samba for minimal administrative overhead (i.e., I don't want to maintain an smbpasswd). Thank you in advance, Alex On Tue, Jun 24, 2008 at 5:47 PM, Ryan Bair <[EMAIL PROTECTED]> wrote: > How will the users be authenticating? If you're going to be adding the > machines to an NT domain and you want users to authenticate against > that at login you will need to store all the samba account information > including the nt password hash in there. So although you can still > store your user info in LDAP, Kerberos won't be used for > authentication. > > If you don't care about domain stuff, then you can put the samba > server into ADS mode and the Windows users can use their Kerberos > tickets to get access. I'm not sure if this will work with MIT > Kerberos on the client or if Microsoft Kerberos is required. The > biggest pain with this is then managing local users on all the > desktops whereas they are one in the same with an NT or AD domain. You > might be able to use some pGina or scripting magic to help compensate > for this last part. > > As a last thought, I seem to remember that you can have samba in user > mode, set the domain, and it will still accept Kerberos credentials. I > have not done this however. > > Hope this helps a bit, > --Ryan > > On Tue, Jun 24, 2008 at 2:31 PM, Alex <[EMAIL PROTECTED]> wrote: > > Hello Everyone, > > > > I have a question regarding Samba, Kerberos, and LDAP. Specifically, I > would > > like to have users authenticate through Samba using the existing > information > > stored in Kerberos and LDAP. According to the documents I have read, this > is > > similar to the mechanism used by Microsoft's Active Directory, which > Samba > > supports. However, I am completely confused on this issue: can MIT > Kerberos > > and OpenLDAP be used as a backend to Samba? I have no Windows servers on > the > > network, and attempts to authenticate against Kerberos have left all of > the > > smb tools responding "cannot find DC for domain" > > > > If necessary, I will post the configuration information, but at this > point, > > I only wish to find out if such a set up is currently possible. (I > appolize > > if this question is common, but I could not find any clear answer after > 72 > > hours of searching). > > > > Sincerely, > > Alex > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
