[Samba] Is LDAP + Kerberos without Active Directory no longer supported?
Kees van Vloten
keesvanvloten at gmail.com
Fri Apr 14 10:02:41 UTC 2023
On 14-04-2023 at 11:31, Rowland Penny via samba wrote:
>
>
> On 14/04/2023 10:03, Kees van Vloten via samba wrote:
>>
>> You could try what Rowland suggests: set up AD and add the users in it.
>>
>> There is no (strict) need to join the client machines, the AD-DC
>> provides a KDC and an LDAP server. You can still use kinit on the
>> clients to authenticate and get a ticket.
>>
>> With an AD-DC and a fileserver (joined to the domain) (on separate
>> machines) your scenario will work pretty much as it always did but
>> with a recent Samba version.
>>
>> Do you see any obstacles, Rowland?
>>
>> - Kees.
>>
>>
>
> No, provided they can get a ticket from the KDC, they will get
> authentication and they will get a better supported product.
>
> Rowland
>
I am confused by the "no", the rest of your sentence confirms exactly
what I was trying to say :-) .
To summarize: Set up AD-DC and domain-join the fileserver. Let the users
log in on their machines locally after which they do kinit to
authenticate as a user (not as a machine) to the AD. With that they also
get access to the file-shares (or any other domain resource).
This is all supported by the latest Samba version, so indeed a better
supported setup.
- Kees.