[Samba] LDAP + Keytab without requiring administrator logins
Andrew Bartlett
abartlet at samba.org
Wed Feb 3 01:35:30 UTC 2021
On Tue, 2021-02-02 at 16:44 -0800, Christian Kuntz via samba wrote:
> > Why are you setting it to ldapsam ?
>
>
> We want users to be resolved over LDAP, I'm under the impression from
>
> reading the documentation and testing that this setting is required
> to
>
> allow ldap users to mount shares.
I would warn you that you are in a very niche use case. I take it that
you are setting up a standalone file server in a not-AD domain that
accepts kerberos credentials issued by a 'MIT' (or Heimdal) KDC for
Unix clients.
In that case, if you have no NTLM clients then perhaps you don't need
ldapsam, and want to instead just directly map onto the nsswitch-
provided users. Note that many other things (like group mapping) also
won't work.
If any of this is not true, and you are using AD DC, then please join
the AD domain as per the typical instructions.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba
mailing list