Linked by Thom Holwerda on Sat 26th Mar 2011 02:00 UTC
Mac OS X When you run smbd -V on your Snow Leopard installation, you'll see it's running SAMBA version 3.0.28a-apple. While I'm not sure how much difference the "-apple" makes, version 3.0.28a is old. Very old. In other words, it's riddled with bugs. Apple hasn't updated SAMBA in 3 years, and for Lion, they're dumping it altogether for something homegrown. The reason? SAMBA is now GPLv3.
Permalink for comment 468106
To read all comments associated with this story, please click here.
Netatalk and Kerberos
by s_groening on Mon 28th Mar 2011 05:53 UTC in reply to "RE[3]: Netatalk"
Member since:

Yes, indeed it does!

-Actually, Netatalk uses its own set of authentication plugins that work independently of the surrounding architecture.

Netatalk kan use Kerberos for authentication with just a singe requirement met: The Kerberos keytab (e.g. /etc/krb5.keytab) needs to contain a service principal key for use with Netatalk. This is usually called afpserver/ .

Create this service principal key in the following manner:

$ kadmin.local: addprinc --randkey afpserver/

(you can omit the realm as it's implied by kadmin.local)


$ kadmin.local: ktadd -k /etc/krb5.keytab afpserver/

to add the new key to the existing keytab.

Once you've created this from kadmin.local, you can go on to setup Netatalk to use the newly created key by creating a setup like this:

- -tcp -no ddp -uamlist -k5service afpserver -k5keytab /etc/krb5.keytab -k5realm EXAMPLE.ORG -fqdn

Basically, this tells Netatalk to bind to all interfaces, use TCP protocol, use GSSAPI (Kerberos5) for authentication, using the newly created afpserver service principal key from the system's Kerberos keytab and present to others a service of the type afpserver, identifying itself as within the realm EXAMPLE.ORG running AFP on port 548 ;)

I hope this example helps!

Reply Parent Score: 4