[Samba] Samba4 AD sssd or pam_krb

Chan Min Wai dcmwai at gmail.com
Sat Dec 28 07:38:30 MST 2013


Dear Michael,

I'm on gentoo, as far as I know sssd required mit-krb5 and wouldn't compile
heimdal...

I do hope we can directly use shadow attribute from Samba AD and make it
work like ldap...
But it is missing the access to userpasswd or shadow* attribute...


On Sat, Dec 28, 2013 at 4:54 PM, Michael Wood <esiotrot at gmail.com> wrote:

> Hi
>
> On 24 December 2013 14:12, Chan Min Wai <dcmwai at gmail.com> wrote:
>
>> Dear All,
>>
>> I was using Samba3 + LDAP central authentication for the pass 5 years.
>>
>> And since need to move to Samba4 AD was wonder if there is a way to do
>> linux central authentication without sssd but using pam_krb
>> I'm asking this because I've removed mit-krb5 on my testing machine as
>> required by samba4 in my gentoo.
>>
>
> Samba 4 AD includes its own KDC (based on Heimdal), but you should be able
> to install the MIT krb5 client libs which are what sssd or pam_krb would
> require.  Otherwise, surely they would also work with the heimdal client
> libs?
>
> I don't know how gentoo packages Samba 4, so it might be more or less
> tricky, but the main thing to do is avoid installing the MIT KDC.
>
> So without mit-krb5 sssd don't compile.
>>
>> So was wonder if there any other solution and how hard it will be.
>>
>> I've 2 linux gentoo server will dependent on this central authentication
>> (at lease the user Id and the GID have to be correct)
>>
>> without the proper UID and GID display, I can still see the number just
>> very not convenient and hard to see what I'm doing...
>>
>>
>> Thank You
>
>
> --
> Michael Wood <esiotrot at gmail.com>
>


More information about the samba mailing list