SAMBA again

Roger Oberholtzer roger
Tue Nov 29 11:29:09 PST 2005 

On Tue, 2005-11-29 at 11:32 -0500, Matthew Carpenter wrote:
> Sorry to resend, but in case somebody might be able to clarify this,
> Do you require some sort of Kerberos Daemon running to talk KRB with AD?

I did not think so. But I get different answers. I often hear that
Kerberos is only needed to be set up if the Linux server will be
validating users. Otherwise, you should only need a machine account in
the AD server - the Linux machine is only a client wanting to validate
user credentials for a user managed by the AD server who wants to access
a Linux share. All this ti use a single login. My (or one of) holy
grail.

> 
> On Friday 18 November 2005 14:55, Matthew Carpenter wrote:
> > On Friday 18 November 2005 13:07, Aaron Grewell wrote:
> > > Here's what happens from the Kerb side: When you 'net ads join' a
> > > computer account is created in the domain.  Your computer is now part of
> > > the Kerberos realm, and can then authenticate users against the KDC (the
> > > PDC in this case).  When you use kinit you're authenticating a normal
> > > user to test the Kerberos authentication and make sure it's working at
> > > all.  If it does, then Kerb isn't what's causing your problem.  If all
> > > you want from this machine is for it to be a Samba server then there's
> > > no need to worry about PAM, but I believe you'll still need Winbind in
> > > order to resolve the users from AD.
> > >
> > > I'm not sure what you mean here.  If the administrative account is
> > > getting locked out that usually means a failed password attempt.  If the
> > > computer account is getting locked out that's something different.
> >
> > So is there a kerberos daemon which needs to run on the server?  Or is that
> > only if you run a KDC?
> 
> _______________________________________________
> Linux-users mailing list ( Linux-users at linux-sxs.org )
> Unsub/Password/Etc: http://mail.linux-sxs.org/cgi-bin/mailman/listinfo/linux-users
> 
> Need to chat further on this subject? Check out #linux-users on irc.linux-sxs.org !

More information about the Linux-users mailing list