[OpenAFS] samba and openafs

Charles Clancy security@xauth.net
Mon, 11 Mar 2002 11:08:08 -0600 (CST)


> what about Samba and OpenAFS? Samba server is PDC, does the migration
> to OpenAFS affects samba server or PDC? Experiences welcomed.

The main issue with Samba acting as an OpenAFS client is plain-text
passwords.  Windows machines encrypt your password one way, and AFS,
another.  AFS can't do anything with a windows-encrypted password.
Therefore, you have to use Samba with plain-text passwords.  With
plain-text passwords and the appropriate AFS PAM configuration, it works
quite nicely.

Last summer I extensively played with Samba, trying to get it to do both
plain-text passwords AND be a PDC.  I discovered that without hacking the
Samba source, it wasn't possible.  Things may have changed since then.
Samba requires you to have an SMB passwd file in order for new machines to
join the domain.

What I'd like to see is Samba offer multiple authentication methods.  If
machine accounts could be stored by default in an SMB passwd file, and
allow other types of authentication for users, that would be great.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]