[Samba] Samba "pass" authentication to OpenID or SAML (external)
Andrew Bartlett
abartlet at samba.org
Fri Oct 11 03:15:57 UTC 2019
On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba
wrote:
> Hello everyone,
> I received a somewhat strange and complicated demand today.
>
> The idea of the manager is to use samba as a domain server but the
> directory tree (authentication and authorization of users) is on an
> external SAML server using keycloak. The samba will pass only GPO.
>
> Is this possible?
>
> As far as I've seen samba works the version of Windows Active
> Directory as
> well, and I've used it a lot as a domain server authenticating and
> authorizing users in addition to group policies.
>
> Thank you all,
Sadly not, but I certainly wish this kind of thing were possible. The
primary barrier is that (Windows) clients expect a KDC for Kerberos,
and not this modern world of web authentication.
The reverse has been done however, which is to have Keycloak back onto
Samba AD using our LDAP server.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list