[Samba] winbind with service principal and not machine trust?

Nathaniel W Filardo nwf at cs.jhu.edu
Wed Sep 16 22:10:45 UTC 2015

Hello all.

Our enterprise AD masters are reluctant to give out machine trust accounts
but, seemingly, have no problem giving out service principals.  As we don't
really need or want the whole power of AD, is it possible to authenticate
users using pam_krb5 and have winbind use an AD service principal without
"joining" the machine to the domain?

Could someone hold my hand through the winbind setup in such a case?

Thanks much in advance,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20150916/6316bc2a/attachment.sig>

More information about the samba mailing list