[Samba] Samba authentication using non-AD Kerberos?
abartlet at samba.org
Mon Apr 17 21:23:37 UTC 2017
On Sun, 2017-04-16 at 19:06 -0600, S P Arif Sahari Wibowo via samba
> On 2017-04-13, 01:58, Andrew Bartlett via samba wrote:
> > On Wed, 2017-04-12 at 19:17 -0600, S P Arif Sahari Wibowo via samba
> > wrote:
> > > Do you know any example Samba configuration that
> > > authenticate to plain - non-AD, e.g. MIT KDC - Kerberos
> > > server?
> > This a normal and fully supported configuration. It maps to
> > normal unix users.
> Thanks! is it mean that the OS (Linux) have to setup for login
> using Kerberos as well?
No, but your clients will need to get a ticket somehow. That is
presumably already happening otherwise you wouldn't be asking for this.
> I was looking into samba wiki pages and cannot find
> documentation for this. Generally most the documentation pages
> either discussing samba as AD member or standalone.
> > From memory:
> > security=user
> > use kerberos keytab = system keytab
> Thanks! Obviously there is no "net ads join" command, so
> anything to be done instead of that?
You need a keytab for cifs/hostname just as you would for IMAP or some
other kerberised service.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba