[Samba] Samba authentication using non-AD Kerberos?

S P Arif Sahari Wibowo arifsaha at yahoo.com
Thu Apr 27 13:17:22 UTC 2017

On 2017-04-25, 15:40, Andrew Bartlett via samba wrote:
> This looks like the instructions:
> https://social.technet.microsoft.com/wiki/contents/articles/2751.kerberos-interoperability-step-by-step-guide-for-windows-server-2003.aspx#Using_an_MIT_KDC_with_a_Stand-alone_Windows_Server_TwentyOhThree_Client

Thanks Andrew! This is quiet useful info.

> Also, you still have to create all the user accounts on each 
> Windows client, you just get to share the passwords.


> All in all, you start to see why we built Samba's AD DC.  You 
> might not be able to use it, but we didn't think the 
> alternative was practical either.

I brought up the question about using that in a forked thread, 
it seems like Rowland Penny thing it will be impossible either.

My requirement is simple, we have existing OpenLDAP and Kerberos 
authentication system, and I want MS Windows to be able to mount 
shares from my server using credentials from that authentication 
system. In the old days (Samba 3), it can use LDAP for login but 
doing that by storing password in LDAP field using unsecure 
encryption, and I cannot do that now. I thought now with Samba 4 
it will be possible to do with Kerberos.

Thank you.

    ____  ____  ____  ____ (stephan paul) Arif Sahari Wibowo
   /___  /___/ /___/ /___      http://www.arifsaha.com/
  ____/ /     /   / ____/

More information about the samba mailing list