[Samba] Is LDAP + Kerberos without Active Directory no longer supported?
Christian Naumer
christian.naumer at greyfish.net
Fri Apr 14 18:20:30 UTC 2023
On 14.04.23 at 18:02, Daniel Lakeland via samba wrote:
> Any help would be appreciated. I'm beginning to suspect this
> functionality was lost.
There were some people who posted here with the same problem.
I have never done this. So everything from here is just "having an
educated guess".
If you look at the link I posted, there is a smb.conf given. I would
take that as a starting point and leave out IPA where possible.
There, idmap backend = sss is given. Does that exist on Debian? If not,
idmap nss should work for you.
What I also think is important is:
    dedicated keytab file = FILE:/etc/samba/samba.keytab
    kerberos method = dedicated keytab
and
    # We force 'member server' role to allow winbind automatically
    # discover what is supported by the domain controller side
    server role = member server
    realm = IPA.REALM
    netbios name = ${machine_name}
    workgroup = ${netbios_name}
Apparently FreeIPA also has something like SID. Does your REALM have
something like that?
In the meantime I tried to find some examples. I found this (where you
also posted):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001053
This says two things: others have this working with Samba >4.8 (4.13 in
the bug report), which means it should work for you (except for this
bug). There are also some smb.conf files given in that report.
Don't know if the above will help you...
Regards
Christian
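
Added example, not part of the original message and not Samba or FreeIPA code: a small check that a [global] section carries the keytab, role and realm settings listed in the message, and that no ${...} template placeholders were left in place. The function names and the sample text are constructed for illustration; treating ${...} as an unfilled template value is an assumption.

```python
import re

# Constructed sample, modelled on the settings quoted in the message above.
SAMPLE = """\
[global]
    dedicated keytab file = FILE:/etc/samba/samba.keytab
    kerberos method = dedicated keytab
    server role = member server
    realm = IPA.REALM
    netbios name = ${machine_name}
    workgroup = ${netbios_name}
"""

def parse_global(text):
    """Return [global] parameters keyed by name with case and spaces removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def lint(params):
    """List the ways params differ from the settings suggested in the message."""
    findings = []
    method = params.get("kerberosmethod", "").lower()
    keytab = params.get("dedicatedkeytabfile", "")
    if method != "dedicated keytab":
        findings.append("kerberos method is not 'dedicated keytab'")
    elif not keytab:
        findings.append("dedicated keytab selected but no dedicated keytab file is set")
    if keytab and not re.sub(r"^FILE:", "", keytab).startswith("/"):
        findings.append("dedicated keytab file is not an absolute path")
    if params.get("serverrole", "").lower() != "member server":
        findings.append("server role is not 'member server'")
    if not params.get("realm"):
        findings.append("realm is not set")
    for key, value in params.items():
        if re.search(r"\$\{[^}]+\}", value):  # assumed: unfilled template value
            findings.append(f"{key}: placeholder {value} was not substituted")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_global(SAMPLE))) or "no findings")
```

The keytab named in the config holds the service's long-term Kerberos keys, so it should also be readable only by root.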