Authentication Windows client against Kerberos MIT and authorizing against OpenLDAP.

Scott Grizzard scott at scottgrizzard.com
Tue Jun 23 11:26:23 EDT 2009


Have you tried using samba3 as an NT4 style domain controller with an
ldap backend?

It was messy, but I got it to work so the XP workstations authenticate
against the SambaPDC, and then used MIT Kerberos on the desktops to
authenticate to the KDC.  Since both Samba and Kerberos were using the
same LDAP database, the user only had one password, and was
automatically logged in to the KDC once they signed on to the Windows
Domain.

- Scott Grizzard
http://www.scottgrizzard.com
scott at scottgrizzard.com

Mendez, Franklyn wrote:
> Hello all,
>
> I am thinking of configuring our Windows XP Prof workstation to
> authenticate against our Kerberos servers. I have so far configured them
> successfully through the use of ksetup.exe. I have mapped the user * to *
> and it works well authorizing these users that have already been created
> locally on the workstation. Ksetup can map 1 to 1 user and the use of
> the wildcard * for all; obviously ksetup doesn't help me much in terms
> of authorization.
>
> My next step is using OpenLDAP to authorize them and better control
> who logs into what workstation and manage group memberships.
>
> In my online searches I found a lot of third-party directory services,
> but many cost money. I want to use my existing LDAP setup.
>
> We currently have Solaris, *nix, AIX and Red Hat Linux servers being
> authenticated and authorized by our KRB5 and LDAP DBs.
>
> Has anyone done this before? Can you guide me through the path?
>
> Thank you in advance for your time and information,
>
> Franklyn Mendez
>