[Samba] Samba authentication using non-AD Kerberos?
S P Arif Sahari Wibowo
arifsaha at yahoo.com
Tue Apr 25 21:23:38 UTC 2017
On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
> Not windows clients without much pain. In theory Windows can
> join a non-AD KDC, but it is incredibly rarely done.
Would you mind to give clearer picture how much pain we are
talking about here? Any link to somebody who did it? I need to
compare it to the pain of another alternatives I have in the
table, like let clients mount files using sshfs.
On 2017-04-22, 02:27, Andrew Bartlett via samba wrote:
> As I mentioned first up, please set
> security=user
...
>> password server = mykerberos.myrealm.ca
>
> Don't set this. Samba won't be contacting the KDC, in
> Kerberos that is the client's job.
Turn out when I manage to get it working, neither option matter,
I can set it up either way and still works. This is the
configuration that works:
[global]
workgroup = MYREALM.CA
server string = MyTest Samba Server Version %v
netbios name = myserver
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 50
realm = MYREALM.CA
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab
log level = 3 passdb:5 auth:10
obey pam restrictions = no
load printers = no
cups options = raw
printing = bsd
[tmp]
comment = Temporary Stuff
path = /tmp
public = yes
writable = yes
printable = no
--
____ ____ ____ ____ (stephan paul) Arif Sahari Wibowo
/___ /___/ /___/ /___ http://www.arifsaha.com/
____/ / / / ____/
More information about the samba
mailing list