[Samba] Samba4 ROLE_STANDALONE vs Kerberos = NT_STATUS_LOGON_FAILURE
Andrew Bartlett
abartlet at samba.org
Fri Oct 30 03:25:29 UTC 2020
On Fri, 2020-10-30 at 03:05 +0100, Jacek via samba wrote:
> >
> I do not understand why you are doing this, for kerberos to work
> correctly, you need to be able to find everything easily and
> everything
> must be using the same time. So, you need kerberos, a dns server and
> an
> ntp server and if you want more than authentication, you need a
> fileserver. OH look, I just described Active Directory 😁
>
> Not saying you cannot get this setup to work, but why are you
> attempting
> to reinvent the wheel ?
>
> Rowland
>
>
> He did not reinvent the wheel.
> I tested Samba DC out of curiosity, but it had too many bugs to
> use,
> so I quit DC and went back to Standalone.
The fact that you discard a well tested and well understood
configuration for another valid, but not-well-tested and much less
widely understood configuration suggests to me that you may need to
spend a lot more time with your curiosity if you want this to work.
Yes, we can currently accept 'MIT style' kerberos tickets from an old-
style realm, but I would never advise to start a new realm in 2020 that
way.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list