[Samba] Samba authentication using non-AD Kerberos?

Stefan Just just at tu-harburg.de
Wed Apr 19 07:22:47 UTC 2017

Am 18.04.2017 um 20:36 schrieb S P Arif Sahari Wibowo via samba:
> On 2017-04-17, 15:23, Andrew Bartlett via samba wrote:
>> No, but your clients will need to get a ticket somehow.  That is
>> presumably already happening otherwise you wouldn't be asking for this.
> No, the situation is that currently I only have Kerberos server, but not
> ADS. I like to setup Samba server so MS Windows and macOS clients (in
> various IP address) can login to it, but I like to use existing Kerberos
> server as the authentication source.
> Will this be possible?
> Can this be done without the MS Windows and macOS client have direct
> access to the Kerberos server?
>> You need a keytab for cifs/hostname just as you would for IMAP or some
>> other kerberised service.
> Do you know how this works in MS Windows / macOS?

There is a tutorial how to make a Kerberos server to be a samba server too.

It is available at:

More information about the samba mailing list