[Samba] Setup LDAPS or other solution for ldap

Kees van Vloten keesvanvloten at gmail.com
Wed May 10 16:01:06 UTC 2023


On 10-05-2023 at 11:33, matti.kaupenjohann wrote:
>> It will work, as long as you can authenticate either with 
>> user/password or with kerberos you can run ldap queries. 
> As far as I understand, Kerberos can work on systems which are not a 
> domain member, but I cannot find any instructions on how to achieve a 
> correct setup. Most instructions begin with the setup of a KDC, which 
> makes no sense, since I already have the Samba DC. The approach worked 
> fine for my server which is already a domain member. But my non-domain 
> member does not have Kerberos installed, so the command kinit is obviously 
> not available. What bothers me as well: Is running "sudo kinit 
> administrator" on a non-domain member really possible? How does kinit 
> know what the DC is?
>
> Matti
>
Indeed, Samba-AD-DC includes a KDC; the only thing you have to do is to 
set up the Kerberos client on the client machines and point it to your DC.

Now you can use kinit to get a ticket.

You can also create a machine account or a service account (do set a 
random password), export the keytab and use that on your client so that 
services (like apache) can interact with kerberos without the machine 
being a domain-member.


- Kees.
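
The setup described in this reply, as an added example that is not part of the original message: a krb5.conf that tells kinit where the DC is, followed by the service-account keytab steps. It assumes MIT Kerberos client tools and OpenLDAP's ldapsearch with the SASL GSSAPI plugin; EXAMPLE.COM, dc1.example.com, svc-apache and the file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: source this file, then call the functions you need.
# All realm, host, account and path names are constructed placeholders.

# Print a minimal krb5.conf for a machine that is NOT a domain member.
# This answers "how does kinit know what the DC is": the "kdc =" entry in
# [realms] names it; DNS SRV lookup covers realms that are not listed.
render_krb5_conf() {
    realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')   # realm names are upper case
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cat <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_kdc = true
    dns_lookup_realm = false

[realms]
    $realm = {
        kdc = $2
    }

[domain_realm]
    .$domain = $realm
    $domain = $realm
EOF
}

# Run as root on the Samba AD DC: create a service account with a random
# password and export a keytab holding only that account's keys.
dc_export_keytab() {
    samba-tool user create svc-apache --random-password
    samba-tool domain exportkeytab /root/svc-apache.keytab --principal=svc-apache
    chmod 600 /root/svc-apache.keytab   # a keytab is a credential; copy it over a secure channel
}

# Run on the client: obtain a ticket from the keytab (no password prompt),
# show it, then run an LDAP query authenticated with GSSAPI.
client_query() {
    kinit -k -t /etc/svc-apache.keytab svc-apache@EXAMPLE.COM
    klist
    ldapsearch -H ldap://dc1.example.com -Y GSSAPI -b 'dc=example,dc=com' '(sAMAccountName=svc-apache)' dn
}
```

On the client, `render_krb5_conf example.com dc1.example.com > /etc/krb5.conf` writes the configuration; after that an interactive `kinit administrator@EXAMPLE.COM` also works.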



