Announcement

Collapse
No announcement yet.

Samba 4.9 Is Working On Many Improvements, New Features

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Samba 4.9 Is Working On Many Improvements, New Features

    Phoronix: Samba 4.9 Is Working On Many Improvements, New Features

    Developers behind Samba, the open-source SMB/CIFS implementation for providing integration with the Windows Server Domain and Windows clients, is preparing for their next 4.9 release...

    http://www.phoronix.com/scan.php?pag...Early-Features

  • #2
    An amazing typo!

    - Password changees in the AC DC are now logged in Samba's debug logs.

    Comment


    • #3
      I'm assuming "A local authorization plugin for MIT Kerberos." is what I think and would allow Windows Auth via Samba, but I'm not sure if I'm understanding that correctly.

      Comment


      • #4
        Originally posted by Palu Macil View Post
        I'm assuming "A local authorization plugin for MIT Kerberos." is what I think and would allow Windows Auth via Samba, but I'm not sure if I'm understanding that correctly.
        Windows can authenticate in a Samba Domain Controller just like in a normal Active Directory DC. However, Samba historically did not support MIT Kerberos, but only recently does. The plugin itself is described in WHATISNEW.txt as follows:

        This plugin controls the relationship between Kerberos principals and AD
        accounts through winbind. The module receives the Kerberos principal and the
        local account name as inputs and can then check if they match. This can resolve
        issues with canonicalized names returned by Kerberos within AD. If the user
        tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase),
        Kerberos would return ALICE as the username. Kerberos would not be able to map
        'alice' to 'ALICE' in this case and auth would fail. With this plugin account
        names can be correctly mapped. This only applies to GSSAPI authentication,
        not for the geting the initial ticket granting ticket.
        It basically helps to make logins case-insensitive like in Microsoft Active Directory when using MIT Kerberos. I assume this was yet another missing piece from full MIT support which itself is experimental.

        Comment

        Working...
        X