[Samba] Samba authentication using non-AD Kerberos?
Andrew Bartlett
abartlet at samba.org
Sat Apr 22 08:27:53 UTC 2017
On Thu, 2017-04-20 at 07:25 -0600, S P Arif Sahari Wibowo via samba
wrote:
> On 2017-04-16, 19:06, S P Arif Sahari Wibowo via samba wrote:
> > I was looking into samba wiki pages and cannot find
> > documentation for this. Generally most the documentation pages
> > either discussing samba as AD member or standalone.
>
> So still looking at this.
>
> So this is the state currently: kerberos setup (krb5.conf and
> keytab) is working in the server, I can do kinit properly. But
> setting of Samba still not working. Here is what I have in
> /etc/smb.conf:
>
> [global]
> workgroup = MYREALM
> server string = UATest Samba Server Version %v
> netbios name = myserver
> log file = /var/log/samba/log.%m
> max log size = 50
> security = ads
As I mentioned first up, please set
security=user
> realm = MYREALM.CA
> password server = mykerberos.myrealm.ca
Don't set this. Samba won't be contacting the KDC, in Kerberos that is
the client's job.
> kerberos method = system keytab
> log level = 3 passdb:5 auth:10
>
> load printers = no
> cups options = raw
> printing = bsd
> [tmp]
> comment = Temporary Stuff
> path = /tmp
> public = yes
> writable = yes
> printable = no
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list