[Samba] Authentification against kerberos / sssd

Rowland Penny rpenny at samba.org
Tue Dec 11 14:23:33 UTC 2018


On Tue, 11 Dec 2018 15:09:39 +0100
tseegerkrb via samba <samba at lists.samba.org> wrote:

> Hello list,
> 
> a quick question. Right now I have a combination of MIT Kerberos,
> OpenLDAP and SSSD for authenticating my users. Is there a way that
> Samba can use this setup to perform user authentication. I only want
> to access the shares of the Samba server from about 8 Windows
> computers. I am aware that I cannot make an Active Directory out of
> this.
> 
> At the moment I have stored the users in a local passdb, which works
> but is very unpleasant.
> 

That is why Microsoft came up with domains ;-)

If you look at Active Directory, it is basically composed of kerberos,
ldap and dns., so you can replace your kerberos and ldap servers with a
Samba AD DC, this also come with winbind which will replace sssd.

There is just one possible fly in the ointment, you mention MIT & sssd,
is this using a red-hat OS ?
If it is, you cannot use the OS packages to create an AD DC, or if you
can (Fedora), it shouldn't be used in production.

Rowland




More information about the samba mailing list