[Samba] Deploying Samba AD into Windows / Linux / OpenLDAP / Kerberos network
Rowland penny
rpenny at samba.org
Fri Jan 29 14:12:42 UTC 2021
On 29/01/2021 14:04, Robert Marcano via samba wrote:
> On 1/29/21 9:54 AM, Rowland penny via samba wrote:
>> On 29/01/2021 13:15, Mike via samba wrote:
>>> * Kerberos: This is probably the big one. One would expect a user
>>> to be
>>> able to log into either a Linux or Windows box. Is there a neat way to
>>> use the same accounts? Can Samba use the existing Kerberos
>>> infrastructure and indeed should it?
>>
>>
>> Samba could use an existing KDC, but it wouldn't be AD
>>
>>
>>> I've read that MIT kerberos
>>> support in Samba is experimental, does this mean "it works but we
>>> wouldn't want to stake our reputations on it" or "it doesn't work"?
>>
>>
>> It does work, but not as fully as the built in Heimdal kerberos,
>> there are several big problems, hence 'experimental'.
>
> I am under the impression that the MIT backend for Samba AD support
> (the embeeding on a KDC inside Samba) is the one that is experimental,
> not basic non AD DC server support.
>
> I use RHEL/CentOS/Fedora MIT based Samba as non DC servers with
> Kerberos without problems.
I never said that you couldn't use MIT with Samba, just that the use of
it with a Samba AD DC is experimental.
Rowland
More information about the samba
mailing list