SAMBA again

Roger Oberholtzer
Sat Nov 19 08:32:37 PST 2005


On Fri, 2005-11-18 at 13:28 -0800, Aaron Grewell wrote:
> On Fri, 2005-11-18 at 14:55 -0500, Matthew Carpenter wrote:
> > On Friday 18 November 2005 13:07, Aaron Grewell wrote:
> > >
> > > Here's what happens from the Kerb side: When you 'net ads join' a
> > > computer account is created in the domain.  Your computer is now part of
> > > the Kerberos realm, and can then authenticate users against the KDC (the
> > > PDC in this case).  When you use kinit you're authenticating a normal
> > > user to test the Kerberos authentication and make sure it's working at
> > > all.  If it does, then Kerb isn't what's causing your problem.  If all
> > > you want from this machine is for it to be a Samba server then there's
> > > no need to worry about PAM, but I believe you'll still need Winbind in
> > > order to resolve the users from AD.
> > 
> > > I'm not sure what you mean here.  If the administrative account is
> > > getting locked out that usually means a failed password attempt.  If the
> > > computer account is getting locked out that's something different.
> > >
> > 
> > So is there a Kerberos daemon which needs to run on the server?  Or is that
> > only if you run a KDC?
> 
> Only on the KDC.  In the case of AD, the Domain Controllers handle
> Kerberos automatically.  The Kerberos client bits are all that's needed
> for Samba kerb support.  Assuming Windows DNS, you shouldn't even need
> to configure Kerberos.  The Kerb client should be able to DNS-resolve
> the KDCs without any help.

This is what I have been thinking. And why I get so frustrated at the
docs. They all want to set up Kerberos on the SAMBA machine. And that
makes the procedure less than obvious when you only want SAMBA to pass
login attempts (access to shares - to be more precise) to some PDC for
authentication.
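
Added example, not part of the original thread or of the Samba documentation: a client-only configuration matching the setup described above, where the Samba host runs no Kerberos daemon and finds the AD KDCs through DNS. EXAMPLE.COM and EXAMPLE are placeholder realm and domain names; the krb5.conf part assumes MIT Kerberos syntax and the idmap lines assume current Samba syntax rather than the 2005 release.

```ini
; Constructed example: EXAMPLE.COM / EXAMPLE are placeholders, not values from the thread.

; ---- /etc/krb5.conf (Kerberos client only; no KDC daemon on this host) ----
; dns_lookup_kdc makes the client locate the KDCs through the _kerberos SRV
; records that AD DNS publishes, so no [realms] section with hard-coded
; "kdc =" entries is needed.
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_kdc = true
    dns_lookup_realm = false

; ---- /etc/samba/smb.conf (domain member, not a domain controller) ----
; security = ads: share access is authenticated against AD using the
; computer account created by 'net ads join'.
; idmap config: Winbind maps AD users and groups to local uid/gid values
; from this range so file ownership can be resolved.
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ads
    idmap config * : backend = tdb
    idmap config * : range = 10000-19999

; ---- Checks, in the order the thread describes ----
;   kinit someuser@EXAMPLE.COM      tests Kerberos with a normal user
;   net ads join -U Administrator   creates the computer account
;   net ads testjoin                confirms the machine account still works
;   wbinfo -u                       confirms Winbind resolves AD users
```

If `kinit` succeeds but `wbinfo -u` returns nothing, Kerberos is not the failing part, which is the distinction drawn in the quoted explanation.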
