[CentOS] Linux kerberos to Windows AD 2000/2003

Fri Jul 14 23:27:49 UTC 2006
Simone <simone72 at email.it>

Hi Greg,

I remember doing it, and I remember starting from the ooficial samba 
(at least I remeber following it and getting it working).

I should have some more documentation, if I can find it I will let you know.



King, John (Greg) (LMIT-HOU) wrote:

> blah hit next on my google search and got this link hehe go figure it 
> is the first link AFTER I finally ask for help
> http://windows.ittoolbox.com/documents/tutorials/integrating-samba-3-in-to-a-windows-2003-domain-1893
> but if anyone has more links to share please do
> ------------------------------------------------------------------------
> *From:* centos-bounces at centos.org [mailto:centos-bounces at centos.org] 
> *On Behalf Of *King, John (Greg) (LMIT-HOU)
> *Sent:* Wednesday, July 05, 2006 9:02 AM
> *To:* centos at centos.org
> *Subject:* [CentOS] Linux kerberos to Windows AD 2000/2003
> I have spent the last 4-5 hours scrounging google articles on this and 
> have found 2 solutions. The problem is one of them is something that 
> we will not do (as MS will not support extending AD with Services For 
> Unix(SFU)).
> The other is simply configuring kerberos and pam on the linux system. 
> No problem there from what I can tell.
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: userid at dom.ain
> Valid starting     Expires            Service principal
> 07/05/06 07:23:03  07/05/06 17:23:47  krbtgt/DOM.AIN at DOM.AIN
>         renew until 07/06/06 07:23:03
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> The problem though is configuring winbind from the console (all of the 
> linux systems are nothing more than the kernel, ssh and the few apps 
> necessary for the system to do it's job). All the online examples I 
> have been able to find use the linux GUI.
> Does anyone know of a document (or mind sharing) how they installed 
> and configured the samba 3 winbind daemon to map SID's to unix 
> uid's/gid's? That would eliminate the need to extend the active 
> directory schema.
> thanks,
> Greg
>CentOS mailing list
>CentOS at centos.org