[Samba] Samba "pass" authentication to OpenID or SAML (external)

Andrew Bartlett abartlet at samba.org
Fri Oct 11 03:15:57 UTC 2019


On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba
wrote:
> Hello everyone,
> I received a somewhat strange and complicated demand today.
> 
> The idea of the manager is to use samba as a domain server but the
> directory tree (authentication and authorization of users) is on an
> external SAML server using keycloak. The samba will pass only GPO.
> 
> Is this possible?
> 
> As far as I've seen samba works the version of Windows Active
> Directory as well, and I've used it a lot as a domain server
> authenticating and authorizing users in addition to group policies.
> 
> Thank you all,

Sadly not, but I certainly wish this kind of thing were possible.  The
primary barrier is that (Windows) clients expect a KDC for Kerberos,
and not this modern world of web authentication.

The reverse has been done, however, which is to have Keycloak back onto
Samba AD using our LDAP server.

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba





