On Tuesday 14 October 2008 21:51:31 Richard A Nelson wrote: > On Tue, 14 Oct 2008, Clifford W. Hansen wrote: > > I take it I will need to get a Krb5 schema file for ldap? > > Yes, and iirc, one comes with Heimdal package (likely in /usr/share/doc) > if you can't find one, let me know
Found one thanx, also found a doc (in portugese which I don't speak or read but managed to copy and paste). So I now have it all working from a Linux point of view. > > Yea I'm not actually sure why we need kerberos, but my boss seems to > > think we do... > > It is a prety nice environment, Single Sign On, dual-trust, etc... > > It, unfortunately, failed to learn from AFS in that you can only be in > one Kerberos realm at a time (I routinely am in at least three AFS > realms) I normally use ssh keys and havn't needed anything better/else. > > Actually I had previously looked at these doc, (and forgot about them) > > *thanx* > > > > Now the only problem is that I don't get a kerberos ticket when logging > > in to the samba domain from windows... > > No you wont... Samba < 4 is a NT4 PDC/BDC - no Kerberos :( > > Note that even current stock Samba does support Kerberos auth from > Linux! > > You'll either need Samba 4 (in experimental, iirc), or (shudder) > delegate authentication to a real Windows PDC Guess I'm going to have to give SMB4 a go (yes in experimental, shudder), I didn't hear that last part :p -- Thank you, Clifford W. Hansen PHP Developer / Linux Administrator (Cell) +27 82 883 8677 (Fax) +27 86 503 0634 (E-Mail) [EMAIL PROTECTED] (MSN) [EMAIL PROTECTED] (GPG) 0x936D6C19 "We have seen strange things today!" () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
signature.asc
Description: This is a digitally signed message part.
