[Date Prev][Date Next]
Kerberos v5 release 1.1, OpenLDAP 1.2.8, and samba 2.1.0 as an NT Domain Controller
Many questions... Hoping someone [patient] could explain the chain of
events to me, or tell me why such a chain of events could not possibly
I think I may be confusing myself...
How would a Kerberos KDC, an LDAP directory, and a Samba server interact
with one another?
1. Could the KDC store it's database in the LDAP directory?
2. Could the LDAP directory require Kerberos v5 authentication before
allowing a user/service access to the directory?
3. Would a user first need a TGT, then request authentication from the
samba server, which in turn would check the LDAP directory for a match?
Here's what I'd like to do...
1. Conifgure OpenLDAP --with-krb5 so that a KDC authenticates connections to
the LDAP directory.
2. Configure Kerberos server --with-LDAP so that the Kerberos database is
stored in the LDAP directoy, and kerb password changes, etc. are made to the
LDAP directory (if that's what the --with-ldap option actually does for
kerb1.1--if not, what does it do?)
3. Configure samba as an NT domain controller --with-ldap and --with-krb5 so
that NT clients are authenticated by the KDC and have their tickets, etc.
stored in the LDAP directory.
Is this a sensible thing to want to do?
Jeremy Jones, MA, MCSE, CCNA
Northwest Network Services
(208) 343-5260 x106