Samba 3 + Kerberized LDAP

Matt Joyce syslists at
Wed Oct 20 16:06:40 EDT 2004

I really dunno where this question should be directed,  I've tried the 
LDAP and Samba mailing lists to no avail...

I want to get samba 3 to authenticate via ldap... but ldap is kerberized.

we have a few ideas...

1.  Keep a Samba Only Password / User account field in ldap... and use 
that to grab the kerberos ticket and store it in ldap and wherever else 
we need it.

2.  Give out keys to machines via dns... so that authentication via 
gssapi / ldap is done that way.

3.   Hope samba 3 has functionality to handle kerberos ticket grabbing 
so it can authenticate to ldap via gssapi for each person.

I am wondering which method is nearest to the mark.... 

Ideas?  thoughts?  lamentations?


More information about the Kerberos mailing list