[Samba] Samba AD DC autenticated by non-AD Kerberos (~ Re: Samba authentication using non-AD Kerberos?)
Andrew Bartlett
abartlet at samba.org
Sat Apr 22 08:12:28 UTC 2017
On Thu, 2017-04-20 at 14:46 +0100, Rowland Penny via samba wrote:
> On Thu, 20 Apr 2017 07:32:16 -0600 (MDT)
> S P Arif Sahari Wibowo via samba <samba at lists.samba.org> wrote:
>
> > On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
> > > I think you really want to move to Samba as an AD DC.
> >
> > In that case, how can I setup a Samba AD DC which has its
> > authentication came from another non-AD Kerberos service?
> > Preferably in a separate server from the Kerberos service.
>
> I don't think you can.
To be clear, this would be an 'MIT Trust'. This isn't currently
supported, but would allow you to authenticate with the username and
password via krb5 from the trusted domain, but use the ticket to log in
to the Windows desktop and the Samba file server.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list