[Samba] Samba "pass" authentication to OpenID or SAML (external)
Thiago Anderson Santos
thiago.santos at zup.com.br
Fri Oct 11 09:51:18 UTC 2019
I believe I will need to do an Adfs for this kind of authentication. I
found nothing in documented about federation service, is it possible
to do samba?
Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org>
> On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba
> > Hello everyone,
> > I received a somewhat strange and complicated demand today.
> > The idea of the manager is to use samba as a domain server but the
> > directory tree (authentication and authorization of users) is on an
> > external SAML server using keycloak. The samba will pass only GPO.
> > Is this possible?
> > As far as I've seen samba works the version of Windows Active
> > Directory as
> > well, and I've used it a lot as a domain server authenticating and
> > authorizing users in addition to group policies.
> > Thank you all,
> Sadly not, but I certainly wish this kind of thing were possible. The
> primary barrier is that (Windows) clients expect a KDC for Kerberos,
> and not this modern world of web authentication.
> The reverse has been done however, which is to have Keycloak back onto
> Samba AD using our LDAP server.
> Andrew Bartlett
> Andrew Bartlett https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Developer, Catalyst IT
More information about the samba