Re: [Samba] samba 3.0 kerberos question
Quoting Andrew Bartlett [EMAIL PROTECTED]: On Thu, 2003-10-23 at 06:19, Bob Bartels wrote: I have successfully joined a machine to a active directory and got a kerberos session ticket. Smbclient //server/share$ -k works and allows me access to the dirs on a server in the domain in which I authenticated and received a krb ticket from. smbmount //server/share$ /localmount -o krb Should work as well...right?? NO! I get this error when I try it: Warning: kerberos support will only work for samba servers Anonymous login successful 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed Why is this happening and is there a way to mount a sharepoint after getting a kerberos ticket without having the re-authenticate? Not with smbfs. It is hoped that the CIFS VFS will get better in this regard. So is there any solution to use smb shares (on Samba AND Windows Servers) as home directories for linux users with all their consequences? I mean automatically mount them at boot time, use pam_mkhomedir with them, single signon during the logon process, etc. That's what I was expecting from the release of Samba 3.0, centralized home directories for Windows and Linux users in heterogeneous networks resulting in dramatically reduced administration efforts and the end of not unnecessary redundant information... Kerberos is the key to that scenario. Regards, Axel Suppantschitsch. Dipl.-Ing. (FH) Axel Suppantschitsch --- FH JOANNEUM Gesellschaft mbH University of Applied Sciences Department of Information Management Operating System Technologies Alte Poststrasse 147, A-8020 Graz www.fh-joanneum.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0 kerberos question
Axel, So far this is what I've found out: Once you modify all the pam.d modules you want to authenticate with by adding winbind.so ( ssh, login, su, xdm etc.) and gotten the logins to work... The next problem is uid/gui mappings from the AD-unix. Then comes the mounting of the users directory from an AD. So far the only solution I've found is to use http://uranus.it.swin.edu.au/~jn/linux/smbfs/ This loads a daemon that gets userid and passwd from winbind. It then uses that info to bascially use smbmount with the login credentials to mount the users home dir at login time. I don't know how to parse the AD to get the actual home directory...At this point our home dirs are all going to be DFS$ mounts on the windows servers. I need to parse the Active Directory for this and then pipe that info to smbfs. Then all my AD users should be able to login to our shared unix server and find themselves in their unified home directory. I'm sure permission issues will be the next hurdle. If anyone has a better solution or a howto in the works as to this type of scenerio/solution - Windows AD userbase who need to use a unix server for research and want a unified homedir/account setup. Thanks Bob Quoting Andrew Bartlett [EMAIL PROTECTED]: On Thu, 2003-10-23 at 06:19, Bob Bartels wrote: I have successfully joined a machine to a active directory and got a kerberos session ticket. Smbclient //server/share$ -k works and allows me access to the dirs on a server in the domain in which I authenticated and received a krb ticket from. smbmount //server/share$ /localmount -o krb Should work as well...right?? NO! I get this error when I try it: Warning: kerberos support will only work for samba servers Anonymous login successful 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed Why is this happening and is there a way to mount a sharepoint after getting a kerberos ticket without having the re-authenticate? Not with smbfs. It is hoped that the CIFS VFS will get better in this regard. So is there any solution to use smb shares (on Samba AND Windows Servers) as home directories for linux users with all their consequences? I mean automatically mount them at boot time, use pam_mkhomedir with them, single signon during the logon process, etc. That's what I was expecting from the release of Samba 3.0, centralized home directories for Windows and Linux users in heterogeneous networks resulting in dramatically reduced administration efforts and the end of not unnecessary redundant information... Kerberos is the key to that scenario. Regards, Axel Suppantschitsch. Dipl.-Ing. (FH) Axel Suppantschitsch --- FH JOANNEUM Gesellschaft mbH University of Applied Sciences Department of Information Management Operating System Technologies Alte Poststrasse 147, A-8020 Graz www.fh-joanneum.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0 kerberos question
I have successfully joined a machine to a active directory and got a kerberos session ticket. Smbclient //server/share$ -k works and allows me access to the dirs on a server in the domain in which I authenticated and received a krb ticket from. smbmount //server/share$ /localmount -o krb Should work as well...right?? NO! I get this error when I try it: Warning: kerberos support will only work for samba servers Anonymous login successful 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed Why is this happening and is there a way to mount a sharepoint after getting a kerberos ticket without having the re-authenticate? Thanks Bob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0 kerberos question
On Thu, 2003-10-23 at 06:19, Bob Bartels wrote: I have successfully joined a machine to a active directory and got a kerberos session ticket. Smbclient //server/share$ -k works and allows me access to the dirs on a server in the domain in which I authenticated and received a krb ticket from. smbmount //server/share$ /localmount -o krb Should work as well...right?? NO! I get this error when I try it: Warning: kerberos support will only work for samba servers Anonymous login successful 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed Why is this happening and is there a way to mount a sharepoint after getting a kerberos ticket without having the re-authenticate? Not with smbfs. It is hoped that the CIFS VFS will get better in this regard. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba