[Samba] Samba authentication using non-AD Kerberos?

Rowland Penny rpenny at samba.org
Thu Apr 20 16:47:50 UTC 2017

On Thu, 20 Apr 2017 10:11:49 -0600 (MDT)
S P Arif Sahari Wibowo via samba <samba at lists.samba.org> wrote:

> On 2017-04-20, 08:03, Rowland Penny via samba wrote:
> > It works against a Samba AD DC from a Unix domain member,
> There are no Samba AD DC, as the title said, I am setting Samba 
> to authenticate with non-AD Kerberos.

What I was trying to point out that was it works on a Unix Samba
domain member against a Samba DC and if it doesn't work for you against
your kdc, then this is another reason to use an AD DC.

> > provided you change 'localhost' to the domain members short 
> > hostname.
> No change:
> # smbclient -k -U mykerbuser -L myserver
> session setup failed: NT_STATUS_IO_TIMEOUT

There you go, it doesn't work against a standalone kerberos server. You
could try setting up your Samba server as per here:


Use the 'rid' backend and start the 'winbind' binary.

If this doesn't work, you will probably have to setup a Samba AD DC.


More information about the samba mailing list