[Samba] Samba4 ROLE_STANDALONE vs Kerberos = NT_STATUS_LOGON_FAILURE

[Andrew Bartlett]

On Fri, 2020-10-30 at 03:05 +0100, Jacek via samba wrote:
>  >
> I do not understand why you are doing this, for kerberos to work 
> correctly, you need to be able to find everything easily and
> everything 
> must be using the same time. So, you need kerberos, a dns server and
> an 
> ntp server and if you want more than authentication, you need a 
> fileserver. OH look, I just described Active Directory 😁
> 
> Not saying you cannot get this setup to work, but why are you
> attempting 
> to reinvent the wheel ?
> 
> Rowland
> 
> 
>   He did not reinvent the wheel.
>   I tested Samba DC out of curiosity, but it had too many bugs to
> use, 
> so I quit DC and went back to Standalone.

The fact that you discard a well tested and well understood
configuration for another valid, but not-well-tested and much less
widely understood configuration suggests to me that you may need to
spend a lot more time with your curiosity if you want this to work.

Yes, we can currently accept 'MIT style' kerberos tickets from an old-
style realm, but I would never advise to start a new realm in 2020 that
way.

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba