Samba / AD / MIT-KDC - Kerberos

This is a discussion on Samba / AD / MIT-KDC - Kerberos ; We have Linux Servers (Red Hat) bound to a Windows 2003 AD. We are using a cross realm trust (two way transitive trust) and AD account mappings to allow Windows clients to authenticate against an MIT KDC. I know that ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Samba / AD / MIT-KDC

  1. Samba / AD / MIT-KDC

    We have Linux Servers (Red Hat) bound to a Windows 2003 AD.

    We are using a cross realm trust (two way transitive trust) and AD account mappings to allow Windows clients to authenticate against an MIT KDC. I know that Samba uses ADS in its configuration to attach as a member server to an Active Directory, but how is samba configured to be a member server in the Windows AD, but use an external MIT KDC.

    I have seen many times that it should be possible.... does anyone know how?

    Thanks

    Mark
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Samba / AD / MIT-KDC

    I replied to Mark in private suggesting he look at coda or openafs in
    place of a samba link to the AD boxes, simply because of the increased
    functionality, and the lack of a need for a ldap bridge to ad from
    samba. I was wondering if anyone had any preferences concerning coda
    and openafs in an environment like his, or any pitfalls they were aware
    of. I am curious as to what others have experiences.

    I guess this is an RFI of sorts...

    -Matt Joyce

    Mark Hendricks wrote:

    >We have Linux Servers (Red Hat) bound to a Windows 2003 AD.
    >
    >We are using a cross realm trust (two way transitive trust) and AD account mappings to allow Windows clients to authenticate against an MIT KDC. I know that Samba uses ADS in its configuration to attach as a member server to an Active Directory, but how is samba configured to be a member server in the Windows AD, but use an external MIT KDC.
    >
    >I have seen many times that it should be possible.... does anyone know how?
    >
    >Thanks
    >
    >Mark
    >________________________________________________
    >Kerberos mailing list Kerberos@mit.edu
    >https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread