Samba4 + Kerberos cross-realms + ldap

Zombie Ryushu zombie_ryushu at
Tue Jun 14 12:27:35 MDT 2011

You are in the same boat I am.Up until this point, I have had Samba 3+OpenLDAP+Kerberos running, and Samba 4 will probably replace the OpenLDAP and Kerberos part. The problem with doing what you say is that Samba 4 has serious Schema import problems as of Alpha 15. The problem is that the databases are incompatible. The schemas have to be added for all of the OpenLDAP POSIX attributes, FreeRadius Attributes, and Samba 3 Attributes.

--- On Tue, 6/14/11, Mauricio Tavares <raubvogel at> wrote:

From: Mauricio Tavares <raubvogel at>
Subject: Samba4 + Kerberos cross-realms + ldap
To: samba-technical at
Date: Tuesday, June 14, 2011, 2:06 PM

      Quick and easy question: I have a network which already has its
own kerberos + ldap servers running and I want to setup a samba4 box
as AD. So, from conversations here and on irc, the best thing to do is
to setup the samba4's built-in kerberos to do cross-realm
authentication with the other kerberos server. Now, how would those
crossed users look like in samba? Or, how would they be created in the
samba4 ldap so they would have, among other things, a local home
directory (or wherever the homedir; it just have to be in a place
samba can find, know what to do with it, and do it) which would the be

More information about the samba-technical mailing list