[Samba] Samba 3 and non-AD KDC

Nuno Pereira nuno at emd.be
Wed Mar 5 10:53:02 GMT 2003


We've been testing Samba 3 for some time now, and we had absolutely no 
problems connecting it to Windows 2000 KDC, etc...

Now, we're trying to push it further and have it authenticate against a 
non-windows KDC, and I have to admit that I am nowhere near to it. I've 
seen a few discussions in this list regarding exactly this issue, but I 
still don't get it ;-))

I have my KDC set up and it is working (I can authenticate linux users 
with it). I compiled Samba 3 using --with-pam_krb5 and --with-krb5

It compiles and installs correctly, no problem.

My problem now is: what options can I use in smb.conf to enable this? I've 
used realm = MYREALM.COM, password server = mykdc.myrealm.com, I even 
played around with the security = ADS, which of course is not of much use 
if you don't have AD.

And nothing I do seems to kick off "kerberization" of samba, it will never 
try to get a ticket for any user. I've tested with both XP and 2K clients.

Any clues, pointers, tips are very very welcome.

Thanks in advance,


PS - Thanks for the great job you've been doing so far with Samba
PPS - Googling for my answers is no help - whenever you search for "samba 
kerberos" or "samba KDC" you will always get links to the Active-Directory 
integration. What we want is to eliminate AD completely and have our 
windows boxes using our own KDC and LDAP directory.

More information about the samba mailing list