1

We have a network with mostly Linux servers and clients, which we recently moved from NIS to Kerberos & LDAP. One of the main reasons was to secure our NFS shares using Kerberos. This is all working great.

Now we do have a few windows clients and we would like to make the NFS shares available to them in a more comfortable way than using WinSCP.

As far as I can see NFSv4 is not available for Windows, let alone with support for Kerberos.

That leaves Samba. The problem is that Samba needs Kerberos credentials to access the NFS shares. They would somehow have to come from Windows. The MIT Kerberos client for Windows works fine. But I don't know if it's possible for Samba to use the credentials from the client or maybe also just take the password and use that to authenticate against the KDC. If it can be done, how?

Mika Fischer
  • 113
  • 1
  • 4

1 Answers1

2

It should be able to - have a look at http://www.interopsystems.com/LearningCenter/Using_Samba_and_Kerberos.htm.

Andy Smith
  • 1,798
  • 13
  • 15
  • Thanks, this got me one step further. I can now authenticate against Kerberos using smbclient from a Linux machine. The main problem remains however. Samba has to use kerberos credentials to access the user's data but it doesn't. It just changes the uid and tries to access the files, which does not work, because of the kerberized NFS4 mounts. – Mika Fischer Feb 03 '10 at 22:38