[Samba] Is LDAP + Kerberos without Active Directory no longer supported?

Daniel Lakeland dlakelan at street-artists.org
Fri Apr 14 23:18:07 UTC 2023

On 4/14/23 14:19, Daniel Lakeland via samba wrote:
> Yes, it looks like it began around the 4.8 era 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899269 shows that I 
> was able to use this config with 4.7.4+dfsg-2, also it has another 
> person reporting the same issue I was. Debian reported that they 
> believed that bug was fixed in 4.9 but I'm not sure what I was using 
> before my most recent upgrade.
> I would guess I was using 4.7.4+dfsg-2 prior to my recent upgrade on 
> the basis of that bug report above.
> From 2020-2022 or so because of the pandemic the usage of these 
> machines was relatively low and this is the first time where we're 
> doing substantial maintenance since start of the pandemic.
OK some additional version info!

I have a server running a similar type of setup in my home and forgot 
that I had samba installed. Debian Samba package version 4.16.0+dfsg-7

It's accessible from my desktop via Kerberos! It's running with the 
following settings:

    workgroup = MYREALM.REALM
    realm = MYREALM.REALM
    kerberos encryption types = strong
    kerberos method = secrets and keytab
    security = user
    encrypt passwords = yes
    server role = standalone server

After ensuring it had cifs/servername.here in its keytab, I was able to 
connect from my desktop via:

smbclient --use-kerberos=required '\\servername.here\dlakelan'

and was able to ls my home directory.

Winbind is NOT installed in any way on this server.

So what does that mean? :-)

I'm going to check the settings on the main server of interest to see if 
I can make them similar and get something to work.

More information about the samba mailing list