[Samba] Samba 4.2.15 and MIT Kerberos External Authentication
Rowland Penny
rpenny at samba.org
Wed Apr 9 07:06:25 UTC 2025
On Tue, 8 Apr 2025 18:24:57 -0400
igor noredinoski via samba <samba at lists.samba.org> wrote:
> Hello, I have been trying to get Samba 4.21.5 setup to use an
> external MIT kerberos authentication system on Debian 12. I realize
> this feature is still experimental, but I just wanted to confirm if I
> am missing a critical detail as it seems to be correctly installed
> except that it's not passing the credentials from the windows client
> correctly. I
>
> I have Samba complied as per the doc with SAMBA_USES_MITKDC. And it's
> installed in /use/loca/samba/*
>
> I have configured my default realm as DEPT.LOCAL and the external
> realm is COMPANY.COM
>
> I have setup a samba usermap and created a local samba user named
> foo at DEPT.LOCAL which has an account with password foo at COMPANY.COM
>
> My user.map is as per below.
>
> foo = foo at COMPANY.COM
It sounded like you had set up Samba as an AD DC using MIT instead of
Hiemdal until here, now I am not so sure. It sounds like you have an
existing Kerberos realm and you are trying to get a Samba AD DC to auth
from that, if that is the case, then that is not how you are supposed
to do it.
If you want to see how to set up a DC with MIT, then the easiest way is
to do it on the latest fedora, their Samba AD DC uses MIT by default.
Rowland
More information about the samba
mailing list