SAMBA again
Matthew Carpenter
matt
Tue Nov 29 10:50:29 PST 2005
Sorry to resend, but in case somebody might be able to clarify this,
Do you require some sort of Kerberos Daemon running to talk KRB with AD?
On Friday 18 November 2005 14:55, Matthew Carpenter wrote:
> On Friday 18 November 2005 13:07, Aaron Grewell wrote:
> > Here's what happens from the Kerb side: When you 'net ads join' a
> > computer account is created in the domain. Your computer is now part of
> > the Kerberos realm, and can then authenticate users against the KDC (the
> > PDC in this case). When you use kinit you're authenticating a normal
> > user to test the Kerberos authentication and make sure it's working at
> > all. If it does, then Kerb isn't what's causing your problem. If all
> > you want from this machine is for it to be a Samba server then there's
> > no need to worry about PAM, but I believe you'll still need Winbind in
> > order to resolve the users from AD.
> >
> > I'm not sure what you mean here. If the administrative account is
> > getting locked out that usually means a failed password attempt. If the
> > computer account is getting locked out that's something different.
>
> So is there a kerberos daemon which needs to run on the server? Or is that
> only if you run a KDC?
--
Matthew Carpenter
matt at eisgr.com http://www.eisgr.com/
Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.linux-sxs.org/pipermail/linux-users/attachments/20051129/8b4ad3c1/attachment.pgp
More information about the Linux-users
mailing list