Winbind and Active Directory
Matthew Carpenter
matt
Tue Nov 8 07:57:08 PST 2005
Thanks Aaron. I'm actually a bit afraid of introducing Kerberos into the mix
before I'm comfortable with what's wrong.
I'm still very new to Kerberos on Linux. That would be a great SxS if you're
interested!
Thanks,
Matt
On Monday 07 November 2005 12:36, Aaron Grewell wrote:
> > Any ideas of what might have changed between NT Domain and AD Domain
> > Emulation? Any security settings which might be enabled in AD that might
> > stop this type of activity?
> > Anyone with AD integration experience? Should I be joining the AD using
> > "net join" instead of "net rpc join"? Does that still allow me to use
> > winbind for PAM integration?
>
> Well, for one thing you're still using old-style RPC stuff which is less
> secure. If you change to ADS mode and join that way (net ads join IIRC)
> you'll get the benefit of Kerberos which is much more secure than NTLM.
> That's not directly related to the problem you're having, though. I
> used the 'winbind use default domain' directive to eliminate having to
> worry so much about the domain. I'm on SuSE 10 which may or may not
> matter. PAM configuration is somewhat different than for RH and
> friends.
>
> Here's what I'm using for smb.conf if it helps:
...
--
Matthew Carpenter
matt at eisgr.com http://www.eisgr.com/
Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business