[Samba] Samba AD DC authenticated by external Kerberos (~ Re: Samba authentication using non-AD Kerberos?)
gaiseric.vandal at gmail.com
Thu Apr 27 13:13:43 UTC 2017
On 04/25/17 17:04, S P Arif Sahari Wibowo via samba wrote:
> On 2017-04-22, 02:12, Andrew Bartlett via samba wrote:
>> To be clear, this would be an 'MIT Trust'. This isn't currently
>> supported, but would allow you to authenticate with the username and
>> password via krb5 from the trusted domain, but use the ticket to log
>> in to the Windows desktop and the Samba file server.
> Actually no. I fork this thread to specifically asking question about
> setting up Samba AD DC / ADS with external Kerberos server. Sorry the
> title a bit confusin, I fixed it a little bit. So presumably the
> client can login as if login to normal AD DC / ADS.
> Thank you!
A Samba AD directory server (domain controller) is its own kerberos
server. I don't see how you could configure it to use another
KDC. Depending on how may computers in your environment, it may be
easier to have the non-AD Kerberos clients use to the Samba DC as the KDC.
More information about the samba