[Samba] Samba authentication using non-AD Kerberos?

S P Arif Sahari Wibowo arifsaha at yahoo.com
Tue Apr 25 21:23:38 UTC 2017

On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
> Not windows clients without much pain.  In theory Windows can 
> join a non-AD KDC, but it is incredibly rarely done.

Would you mind to give clearer picture how much pain we are 
talking about here? Any link to somebody who did it? I need to 
compare it to the pain of another alternatives I have in the 
table, like let clients mount files using sshfs.

On 2017-04-22, 02:27, Andrew Bartlett via samba wrote:
> As I mentioned first up, please set
> security=user
>>          password server = mykerberos.myrealm.ca
> Don't set this.  Samba won't be contacting the KDC, in 
> Kerberos that is the client's job.

Turn out when I manage to get it working, neither option matter, 
I can set it up either way and still works. This is the 
configuration that works:

         workgroup = MYREALM.CA
         server string = MyTest Samba Server Version %v
         netbios name = myserver
         dns proxy = no
         log file = /var/log/samba/log.%m
         max log size = 50
         realm = MYREALM.CA
         kerberos method = dedicated keytab
         dedicated keytab file = /etc/krb5.keytab
         log level = 3 passdb:5 auth:10
         obey pam restrictions = no
         load printers = no
         cups options = raw
         printing = bsd
         comment = Temporary Stuff
         path = /tmp
         public = yes
         writable = yes
         printable = no

    ____  ____  ____  ____ (stephan paul) Arif Sahari Wibowo
   /___  /___/ /___/ /___      http://www.arifsaha.com/
  ____/ /     /   / ____/

More information about the samba mailing list