[Samba] Failing authentication when PAC present in kerberos service ticket
Rowland Penny
rpenny at samba.org
Thu Feb 3 13:17:44 UTC 2022
On Thu, 2022-02-03 at 14:55 +0200, Ahti Seier via samba wrote:
> Hello,
>
> We have been running samba in standalone mode (security = user)
> with
> kerberos authentication.
> So I was wondering. What benefits will I actually get from running
> winbind instead of having NSS on the hosts resolve users and groups?
>
> Or am ai going about this a wrong way? Is there a better way to
> authenticate AD users to a non-ad joined host?
I do not understand why you are running Freeipa and AD, they both do
basically the same thing, I also do not understand why you are using
standalone servers in an AD/freeipa domain.
The benefits you will get from turning your standalone servers into
Unix domain members are, ACL support and NTLM fallback.
I think we need a bit more info, why do you need to run standalone
servers ?
Rowland
More information about the samba
mailing list