[Samba] Minimum footprint for authenticating CIFS shares with Kerberos

Dorian Taylor (Lists) lists at doriantaylor.com
Fri Jan 22 19:15:52 UTC 2021

Good day,

I have a home office network where, because of work, I already have:

* an LDAP server
* a Kerberos KDC/admin server
* a DNS server

What I am after is a quasi-replacement for the AFS server I just removed after ten years, i.e., I want to access files over a network, and I want to be able to authenticate to that service using Kerberos.

I followed some instructions to set Samba up as an Active Directory PDC, but I didn’t realize, at the outset, that meant spinning up a bunch of its own daemons that are fighting for the same ports a bunch of services are already running on.

(For what it’s worth, the server is Ubuntu 20.04, which is curiously missing a systemd service definition for the `samba` daemon.)

I suppose my question is: To what extent I can configure Samba to provide just enough material to, for instance, fool a Mac’s native CIFS client into authenticating to a Samba share with Kerberos?

Thanks in advance,

Dorian Taylor
Make things. Make sense.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.samba.org/pipermail/samba/attachments/20210122/6696634a/signature.sig>

More information about the samba mailing list