[Samba] Connect Samba 4.3 to an existing Kerberos server

mathias dufresne infractory at gmail.com
Thu Dec 15 16:19:54 UTC 2016

2016-12-13 13:56 GMT+01:00 Stefan Just via samba <samba at lists.samba.org>:

> Hello,
> I want to connect Samba 4.3 to an existing Kerberos server. So that the
> users who already exist in Kerberos can log on to the Windows clients of
> our Samba server.
> In the documentation of Windows Server I found the following:
> "You can establish a realm trust between any non-Windows Kerberos
> version 5 (V5) realm and an Active Directory domain."

Here "trust" means "trust relationship", a way to achieve what you want, to
make things from domain A available to domain B, and possibly things from B
available to A. Trust are directional. They also can be transitive or not.
If A can access B with some trust, if B has transitive trust to C (with
right direction of course) then A can access also C.

Now Samba is able to build only bidirectional and transitive trusts. Have a
look to "samba-tool domain trust" to know how Samba can create trusts.
Perhaps if it is your Kerberos domain which initiate the trust it would be
better for your need, no idea, they're yours ;)

> I have already set up an AD DC. But I had no success to join our MIT
> Kerberos.
> Is this possible with Samba and if so, how is it done?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list