[Samba] Minimum footprint for authenticating CIFS shares with Kerberos
Dorian Taylor (Lists)
lists at doriantaylor.com
Fri Jan 22 20:23:07 UTC 2021
> On Jan 22, 2021, at 11:56 AM, Rowland penny via samba <samba at lists.samba.org> wrote:
> You do realise that they are the main components of AD.
I do! And they are working just fine and I would prefer not to get rid of them, because they are already configured and I am using them for things.
> No such thing, there is an AD DC and an NT4-style PDC, but they are totally different things 😁
Thank you for apprising me of the correct terminology.
> I take it you haven't read any AD documentation 😮
I’m awash in documentation. For the record it isn’t obvious from the outside that Samba has to manage all of those services internally and not avail itself of existing resources.
> This is because you now use 'samba-ad-dc' to start the Samba AD DC and 'smbd', 'nmbd' and 'winbind' to start the daemons for a Unix domain member.
Yeah, thanks, I found that shortly after sending.
> Easy, turn off your ldap server, KDC and DNS server, then start your AD DC with 'systemctl start samba-ad-dc', though you will probably have to unmask it first.
Perhaps the question I should have asked is “how closely-coupled is using Kerberos to authenticate to a Samba share to the whole AD ball of wax?“, but it looks like the answer is “It’s all or nothing, baby.”
Make things. Make sense.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 874 bytes
Desc: Message signed with OpenPGP
More information about the samba