[Samba] Samba with external SSO

[Gergő Vári]

Hi!

My goal is to connect Authentik to Samba (running on Ubuntu).

What I tried (with no success):
- Samba directly to the LDAP outpost (as Authentik can expose it's internal DB like that): this would/will work but Authentik can't use the Samba scheme at the moment.
- Samba -> PAM -> sssd -> LDAP outpost: in theory this worked a long time ago (SMBv1?) but as the password is not sent in the clear (as I understand it's nonce-based) this is not a possible solution (+ somewhere it was explicitly stated sssd support was dropped)
- Samba + (sssd) + Winbind + LDAP? Couldn't try this one, as I seen that basically sssd=Winbind (yet there WAS a module for Winbind to use sssd?)

...and this is where I got stuck.

What would I need to connect Authentik and Samba together without AD being the central place where I store users? (As two-way sync isn't in Authentik atm. with AD)

(Ideally I'd avoid AD, but at this point I'm open to many things.)

(I've followed the mailing list etiquette to the best of my abilities: this is my first message on any of them.)