On 2012-04-01 09:06, lynn wrote:
Yes we are running AD. Samba4 _is_ AD. The schema includes rfc2703. Our users have the posixAccount and posixGroup objects which are defined in the m$ AD schema. (made public via the Samba vs m$ European Court ruling last year)
Interesting...
Kerberos needs not only to authenticate the user but also the machines on the lan. When I logon, both I and my computer have to authenticate. If I request a file then both I and the fileserver have to authenticate. This is why the dns is crucial with Kerberos.
I see... I underwent a period of training, mostly with W2K8 R2. These servers had their corresponding DNS, but not DHCP because you can imagine the havoc 14 DHCP servers can make in the same LAN :-) But clients did authenticate to the domains. What I did not make sure is if the DNS could always track the clients. I think that when someone logged in, the machine was counted in the DNS. This can not be replicated with bind, AFAIK, and is perhaps the reason that the samba folks think of another dns daemon.
Nearer to understanding. Thanks again. L x
Try to trim your messages, removing the old stuff from previous messages. Yours are very long and more difficult to read because you don't. It also needs learning, but please do :-)

--
Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar)