[Samba] Samba AD DC autenticated by non-AD Kerberos (~ Re: Samba authentication using non-AD Kerberos?)

Andrew Bartlett abartlet at samba.org
Sat Apr 22 08:12:28 UTC 2017

On Thu, 2017-04-20 at 14:46 +0100, Rowland Penny via samba wrote:
> On Thu, 20 Apr 2017 07:32:16 -0600 (MDT)
> S P Arif Sahari Wibowo via samba <samba at lists.samba.org> wrote:
> > On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
> > > I think you really want to move to Samba as an AD DC.
> > 
> > In that case, how can I setup a Samba AD DC which has its 
> > authentication came from another non-AD Kerberos service? 
> > Preferably in a separate server from the Kerberos service.
> I don't think you can.

To be clear, this would be an 'MIT Trust'.  This isn't currently
supported, but would allow you to authenticate with the username and
password via krb5 from the trusted domain, but use the ticket to log in
to the Windows desktop and the Samba file server. 

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list