[CentOS] CentOS 6 smb authentication?

Thu Nov 17 17:26:46 UTC 2011
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Thu, 17 Nov 2011, Les Mikesell wrote:

> I have some services on Centos5 boxes that use smb authentication
> against the Windows domain as a low-maintenance way to handle most of
> our office users for things that don't need home directories (web/file
> shares, etc.).  Running authconfig is all it takes to add it to PAM,
> then adding mod_auth_pam to apache makes it work with that and local
> users.  This all works without any particular involvement with the
> Windows group or administrative access there.
> Is there a better way to do this on C6 that does not involve 'joining'
> the windows domain?

You don't *have* to join it to the domain, you can use pam_krb5 without
joining if you want.  There are advantages if you do though, since a joined
machine offering samba shares to windows users on a domain won't prompt for a
password, as it'll use their existing kerberos ticket.  Joining *is* just a
case of a correct smb.conf/krb5.conf and "net ads join" with an account with
sufficient privs, so isn't really much pain for servers.

> And is there a way to make samba (C5 or 6) work with Windows7 other
> than configuring every client to to send NTLM authentication when
> requested?

On C5 I thought upgrading to samb3x was sufficient, and that C6 it should just
work.  I'm assuming that not the case?