[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Samba to Kerberos via OpenLDAP
Wes Modes <wmodes@ucsc.edu> writes:
> Thanks for all your advice so far.
>
> First, I'll just say this is a question principally about the arcane mysteries
> of Samba to OpenLDAP authentication.
>
> I've had Samba to OpenLDAP authentication running for a while now using the
> samba.schema and the ldapsam module. Now I'd like to understand a bit more
> about how that works in order to take it a step further and get openLDAP to
> bind against a Kerberos database via SASL.
>
> An aside; Yes, I'd heard that Samba can be configured to authenticate against
> Kerberos directly, but for my own reasons, I'd prefer that Samba talk only to
> OpenLDAP, and OpenLDAP can do the authentication. I'll fall back on the Samba
> to Kerberos direct route if I can't find a way to do what I want.
>
> I've noted that the Samba schema and smbldap-tools add to the user record two
> Samba specific password fields, sambaNTPassword and sambaLMPassword.
>
> If I have the ldapsam module specified as the passdb backend in smb.conf, is
> OpenLDAP merely storing the samba passwords while Samba does the password
> comparisons? Or does OpenLDAP do the authentication and return a yes or no?
>
> Is it possible to have Samba defer authentication to OpenLDAP? If so, I can
> have OpenLDAP use the {SASL} method to do authentication via kerberos.
This is a Samba topic, not an OpenLDAP topic.
Samba only can join a Windows Server KDC.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6