Configuring Red Hat as Domain Controller to get the ticket of Kerberos authentication from Windows Server 2008

StackOverflow https://stackoverflow.com/questions/19857432

Question

I configured Windows 2008 as an Exchange 2010 server, which has the domain Example.com, and another Windows 7 machine as the Exchange 2010 client. The server IP address is 192.168.0.76, and the client IP address is 192.168.0.176.

We all know that when the client sends a request to the Exchange 2010 server, we can configure it through Kerberos authentication. The client can get the ticket from the KDC of Windows 2008. In more detail, the client can get the encrypted Service_key through the TGS_REP message of Kerberos from the KDC of Windows 2008.

Under these circumstances, my idea is to configure Red Hat Linux as the Domain Controller in my organisation to get the encrypted Service_key. The Red Hat Linux IP address is 192.168.0.149. Red Hat Linux would be used as the Domain Controller, providing the KDC function instead of the Windows 2008 server's KDC.

My first question: is my idea feasible? If it is not feasible, how can I get the service_key?

My second question: Red Hat Linux has Samba installed, and Samba can be used as a domain controller. How can Samba synchronize users' information, as well as password and ticket information, from Windows Server 2008?

Solution

The domain controller functionality which Exchange 2010 expects can only be provided by an Active Directory Domain Controller. RHEL as it is cannot provide it with the Samba version that is available on RHEL. Please note that Exchange 2010 server expects more than just Kerberos KDC from a domain controller.

The Samba project implements AD DC-like functionality starting with Samba 4.0. There are some details as to implementation; in particular, Samba 4.x cannot yet be compiled with the MIT Kerberos KDC (available on RHEL) to provide an AD DC-like setup. The version of the samba4 packages in RHEL 6.x is only suitable for use with the FreeIPA identity management solution (which cannot yet be used to host an Exchange server).

The only other solution would be to compile and configure Samba 4.x yourself, using the embedded Heimdal Kerberos KDC, as described at http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO. However, this configuration would fall outside of a supported RHEL setup, at least to my understanding.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow