Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


Old 08-23-2004, 02:48 PM   #1
LQ Newbie
Registered: Aug 2004
Posts: 4

Rep: Reputation: 0
Samba&Winbindd/mit-krb5/2003ads authentication

What is the "correct" way of authentication against an AD with krb5 on linux? I currently have a rh9 test server with samba-3.0.5, krb5-1.3.4, and pam_krb5-1.3-rc7.

I'm wanting to have different services use pam to authenticate against the windows AD, so I'm frying my brain on setting up pam to do the authentication correctly so that local users have access to some things and windows users have access to others. For example, I started mucking with /etc/pam.d/ssh to use winbind for auth (with security=ads in smb.conf), then I realized I needed to use pam_krb5 in order to hit the windows k5 server....I can get logged in but klist doesn't show any tickets cached. If I am authenticated against the kerberos server I should have a ticket cached, right? To sum it up, I'm lost. I've read the docs at samba's site, and they are great docs but they don't seem to cover integration with other services that in depth.

Any tips on this project?


Old 08-24-2004, 05:03 PM   #2
Senior Member
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
This is something I've been working on. I'm using rather than pam_krb5, which works with caveats...

I discovered that the services on Linux don't have consistent authentication behaviour. Some use PAM but a number of the big-name services don't, and handle authentication themselves. Those that do support PAM aren't guaranteed to support all of the modules.

SSH turns out to be a bad test case because it will fail unless the user has a valid home directory, so I initially added to the PAM stack as well. Not all of the other services that require home directories support, so I ended up abandoning the approach and wrote a script that creates home directories on the Linux box for all AD users.

My (more or less final) notes are here:
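
One way to write the home-directory script mentioned in the post above, as an added example that is not the poster's script and not taken from their notes. It assumes accounts arrive in `getent passwd` format (as winbind supplies through NSS); the function names `make_homes` and `sample_passwd`, the `EXAMPLE` domain and the UID threshold are hypothetical.

```sh
#!/bin/sh
# Added example: pre-create home directories from passwd-format input.
# Assumption: on the real host the input is `getent passwd` with winbind in
# nsswitch.conf; sample_passwd below prints constructed entries instead.

# make_homes BASE MIN_UID  -- reads name:pw:uid:gid:gecos:home:shell on stdin,
# prints "created|exists|skipped NAME". Subshell body keeps variables local.
make_homes() (
    base=${1%/} min_uid=$2
    skip() { printf 'skipped %s (%s)\n' "$name" "$1"; }
    while IFS=: read -r name pw uid gid gecos home shell; do
        # Numeric IDs only; leave local and system accounts below MIN_UID alone.
        case $uid in ''|*[!0-9]*) skip "bad uid"; continue ;; esac
        case $gid in ''|*[!0-9]*) skip "bad gid"; continue ;; esac
        [ "$uid" -ge "$min_uid" ] || { skip "uid below $min_uid"; continue; }
        # The directory service supplies the path: keep it under BASE, no dot segments.
        case $home in "$base"/?*) ;; *) skip "outside $base"; continue ;; esac
        case $home/ in */../*|*/./*) skip "dot segment"; continue ;; esac
        # Refuse a symlink planted at the target (parent components are not checked).
        if [ -L "$home" ]; then skip "symlink"; continue; fi
        if [ -d "$home" ]; then printf 'exists %s\n' "$name"; continue; fi
        # Mode 0700 on the final directory, so other accounts cannot read it.
        mkdir -p -m 0700 -- "$home" || { skip "mkdir failed"; continue; }
        # Ownership can only be handed over when running as root.
        if [ "$(id -u)" -eq 0 ]; then chown -- "$uid:$gid" "$home"; fi
        printf 'created %s\n' "$name"
    done
)

# Constructed sample entries (not real accounts); $1 is the home base.
sample_passwd() {
    printf '%s:*:10001:10000:Alice:%s/EXAMPLE/alice:/bin/bash\n' 'EXAMPLE\alice' "$1"
    printf '%s:*:10002:10000:Bob:%s/EXAMPLE/../../etc/bob:/bin/bash\n' 'EXAMPLE\bob' "$1"
    printf '%s:*:10003:10000:Carol:/srv/other/carol:/bin/bash\n' 'EXAMPLE\carol'
    printf 'root:x:0:0:root:/root:/bin/bash\n'
}
```

On a real host this would be run as root as `getent passwd | make_homes /home 10000`, which assumes winbind is configured to enumerate users.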

