LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-23-2004, 01:48 PM   #1
jayted
LQ Newbie
 
Registered: Aug 2004
Posts: 4

Rep: Reputation: 0
Samba&Winbindd/mit-krb5/2003ads authentication


What is the "correct" way of authentication against an AD with krb5 on linux? I currently have a rh9 test server with samba-3.0.5, krb5-1.3.4, and pam_krb5-1.3-rc7.

I'm wanting to have different services use pam to authenticate against the windows AD, so I'm frying my brain on setting up pam to do the authentication correctly so that local users have access to some things and windows users have access to others. For example, I started mucking with /etc/pam.d/ssh to use winbind for auth (with security=ads in smb.conf), then I realized I needed to use pam_krb5 in order to hit the windows k5 server....I can get logged in but klist doesn't show any tickets cached. If I am authenticated against the kerberos server I should have a ticket cached, right? To sum it up, I'm lost. I've read the docs at samba's site, and they are great docs but they don't seem to cover integration with other services that in depth.

Any tips on this project?

Thanks!

jay
 
Old 08-24-2004, 04:03 PM   #2
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
This is something I've been working on. I'm using pam_winbind.so rather than pam_krb5, which works with caveats...

I discovered that the services on Linux don't have consistent authentication behaviour. Some use PAM but a number of the big-name services don't, and handle authentication themselves. Those that do support PAM aren't guaranteed to support all of the modules.

SSH turns out to be a bad test case because it will fail unless the user has a valid home directory, so I initially added pam_mkhomedir.so to the PAM stack as well. Not all of the other services that require home directories support pam_mkhomedir.so, so I ended up abandoning the pam_mkhomedir.so approach and wrote a script that creates home directories on the Linux box for all AD users.

My (more or less final) notes are here:

http://www.se.clara.net/notes/linux-with-ad.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Heimdal vs MIT krb5 which ones better? behmjoe Linux - Software 1 05-17-2009 08:10 AM
Samba winbindd problem dman65 Linux - Software 1 05-05-2005 01:09 PM
Samba&Winbindd/mit-krb5/2003ads authentication jayted Linux - Networking 1 08-23-2004 01:55 PM
Samba and winbindd Joshsawyer77 Linux - Networking 3 12-30-2002 06:38 PM
SunOS 5.8, Samba 2.2.4 and winbindd?? BrianBr General 1 07-19-2002 06:32 PM


All times are GMT -5. The time now is 08:31 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration