[Samba] Samba AD DC authenticated by external Kerberos (~ Re: Samba authentication using non-AD Kerberos?)

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Apr 27 13:13:43 UTC 2017

On 04/25/17 17:04, S P Arif Sahari Wibowo via samba wrote:
> On 2017-04-22, 02:12, Andrew Bartlett via samba wrote:
>> To be clear, this would be an 'MIT Trust'.  This isn't currently 
>> supported, but would allow you to authenticate with the username and 
>> password via krb5 from the trusted domain, but use the ticket to log 
>> in to the Windows desktop and the Samba file server.
> Actually no. I fork this thread to specifically asking question about 
> setting up Samba AD DC / ADS with external Kerberos server. Sorry the 
> title a bit confusin, I fixed it a little bit. So presumably the 
> client can login as if login to normal AD DC / ADS.
> Thank you!

A Samba AD directory server (domain controller) is its own kerberos 
server.  I don't see how you could configure it to use another 
KDC.       Depending on how may computers in your environment, it may be 
easier to have the non-AD Kerberos clients use to the Samba DC as the KDC.

More information about the samba mailing list