[Samba] Samba authentication using non-AD Kerberos?
Rowland Penny
rpenny at samba.org
Thu Apr 20 16:47:50 UTC 2017
On Thu, 20 Apr 2017 10:11:49 -0600 (MDT)
S P Arif Sahari Wibowo via samba <samba at lists.samba.org> wrote:
> On 2017-04-20, 08:03, Rowland Penny via samba wrote:
> > It works against a Samba AD DC from a Unix domain member,
>
> There are no Samba AD DC, as the title said, I am setting Samba
> to authenticate with non-AD Kerberos.
What I was trying to point out that was it works on a Unix Samba
domain member against a Samba DC and if it doesn't work for you against
your kdc, then this is another reason to use an AD DC.
>
> > provided you change 'localhost' to the domain members short
> > hostname.
>
> No change:
>
> # smbclient -k -U mykerbuser -L myserver
> session setup failed: NT_STATUS_IO_TIMEOUT
There you go, it doesn't work against a standalone kerberos server. You
could try setting up your Samba server as per here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Use the 'rid' backend and start the 'winbind' binary.
If this doesn't work, you will probably have to setup a Samba AD DC.
Rowland
More information about the samba
mailing list