[Samba] Samba authentication using non-AD Kerberos?

Andrew Bartlett abartlet at samba.org
Tue Apr 25 21:40:25 UTC 2017


On Tue, 2017-04-25 at 15:23 -0600, S P Arif Sahari Wibowo via samba
wrote:
> On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
> > Not windows clients without much pain.  In theory Windows can 
> > join a non-AD KDC, but it is incredibly rarely done.
> 
> Would you mind giving a clearer picture of how much pain we are 
> talking about here? Any link to somebody who did it? I need to 
> compare it to the pain of the other alternatives I have on the 
> table, like letting clients mount files using sshfs.

This looks like the instructions:

https://social.technet.microsoft.com/wiki/contents/articles/2751.kerberos-interoperability-step-by-step-guide-for-windows-server-2003.aspx#Using_an_MIT_KDC_with_a_Stand-alone_Windows_Server_TwentyOhThree_Client

In terms of pain, let me put it this way:  You are the first person I
can remember asking about this on the Samba lists.  

Also, you still have to create all the user accounts on each Windows
client, you just get to share the passwords.  

All in all, you start to see why we built Samba's AD DC.  You might not
be able to use it, but we didn't think the alternative was practical
either. 

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



