Re: SPNEGO questions

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Fri, 28 Oct 2005 12:18:58 +1000

On Thu, 2005-10-20 at 00:11 +0200, Serassio Guido wrote:
> Hi Henrik,
>
> At 23.00 19/10/2005, Henrik Nordstrom wrote:
> >>Downloaded, compiled, and joined to the domain.
> >
> >Good.
>
> I have discovered that the machine account in the domain is not
> created correctly: the SPNs HOST/machine and HOST/machine.fqdn are
> not created. They are needed from the Kerberos KDC for the token distribution.
> So I have manually added the SPNs to the machine account.

This was a regression. I've fixed this now.

> >>But I like to do some tests to verify if the basic membership is
> >>working, but ....
> >>- many configuration directives in smb.conf are changed
> >>- swat doesn't work
> >>- I can't find any documentation about Samba 4 smb.conf
> >
> >You shouldn't need much config at all for just authentication via winbind.
> >
> >It's probably best tested with ntlm_auth in its different modes.
>
> Probably true. But I like to be sure that my Samba 4 interacts
> correctly with AD using Kerberos before trying SPNEGO authentication.

Samba4 should do the same YR -> AF for Kerberos, because Kerberos is
that good :-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Received on Thu Oct 27 2005 - 20:19:03 MDT
