
Re: Kerberos with LDAP backend / Replace active directory



On Tue, 14 Oct 2008, Clifford W. Hansen wrote:

> I take it I will need to get a Krb5 schema file for ldap?

Yes, and iirc, one comes with Heimdal package (likely in /usr/share/doc)
if you can't find one, let me know

> Yea I'm not actually sure why we need kerberos, but my boss seems to
> think we do...

It is a pretty nice environment, Single Sign On, dual-trust, etc...

It, unfortunately, failed to learn from AFS in that you can only be in
one Kerberos realm at a time (I routinely am in at least three AFS
realms)

> Actually I had previously looked at these docs (and forgot about them) *thanx*
>
> Now the only problem is that I don't get a kerberos ticket when logging in to
> the samba domain from windows...

No you won't...  Samba < 4 is an NT4 PDC/BDC - no Kerberos :(

Note that even current stock Samba does support Kerberos auth from
Linux!

You'll either need Samba 4 (in experimental, iirc), or (shudder)
delegate authentication to a real Windows PDC

--
Rick Nelson
<toor> netgod: what do you have in your kernel??? The compiled source for
       driving a space shuttle???
<Spoo> time to make a zip drive your floppy drive then. if the kernel
       doesn fit on that, the kernel is an AI

