Kerberos/Samba/LDAP? Was: FDS - using one password for Samba and Linux accounts


 



I have a brand-new Samba 3.x domain working with LDAP/FDS backend; this 
is just for my small (university) department of ~350 users.   The 
university operates an overarching Kerberos realm.  My best possible 
case would be to use that Kerberos realm for authentication/password but 
continue to maintain department LDAP for actual user/group 
authorization/rights.   If I can get everything to use people's existing 
university password, that would be very sweet; failing that, I have to 
give out about 300 passwords in the next month :(

I see the FDS Kerberos Howto, and it seems to make Kerberos integration 
pretty simple, but what is not clear to me is whether it is possible to 
pass this Kerberos authentication through to Samba clients.  The few 
references I see to Samba-Kerberos integration modify the smb.conf with 
direct references to kerberos realm and keytab that would seem to result in:

     Samba ----> Kerberos
     _____ <---- ________

where what I think I want is more like:

     Samba ----> LDAP ----> Kerberos
     _____ <---- ____ <---- ________

(sorry for the awful ASCII!)  where I retain
"passdb backend = ldapsam:ldap://x.x.x.x" as the user/group store, but
where LDAP refers to Kerberos for authn/passwd.

I was going to pose this question to the Samba users list, but I thought 
there might be more value to ask first whether anyone has worked on this 
in an FDS context.  Not to say anything bad about other LDAP servers, but 
I can sometimes find it hard to map integration discussions that use 
OpenLDAP examples to my situation.

So, anyone on the list running a completely integrated 
Samba/FDS/Kerberos setup that references an overarching Kerberos realm?

Thanks,

Jim


Richard Megginson wrote:
> Saravana Kumar wrote:
>> Hi List,
>>
>> I have FDS configured in the server. There are Windows and Linux
>> clients in our network. Windows users also have Linux.
>> Linux clients are authenticating to FDS. Samba server is running in a
>> different server and refers to the FDS server (ldapbackend). For
>> Windows I had to create a separate password with smbpasswd -a username
>> for each user, which means the Samba password can be different from the
>> Linux password. Also the password policy doesn't apply to the smbpasswd
>> I create.
>>
>> Is there a way to use one password for both windows and linux logins?
>>   
> No.  This has been on our wishlist for some time now.
> http://directory.fedora.redhat.com/wiki/Wishlist#Passwords
>> TIA,
>> SK
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   




