Samba AD DC and Kerberos

mathias dufresne infractory at gmail.com
Wed Sep 30 14:49:27 UTC 2015 

1. I thought you don't really need winbind configured but Kerberos is
mandatory.

2. Kerberos is part of AD. AD is not a software or a protocol, it's a
software and protocol aggregate. Kerberos is one part. AD is aggregation of
all parts.

3. ACLs are mandatory to have... ACLs : )
More seriously ACLs are here to be able to have advanced rights (ACLs) on
the few files which could be part of login process. These few files are
GPOs files and startup scripts. GPOs are activated according to these ACLs
set on files in SysVol share. I would expect strange behaviour with SysVol
hosted on some FS not able to understand ACLs.
Now ACLs are not really part of login process, they are more part of login
restriction and post-configuration. Without GPO and without startup
scripts, Windows users should still be able to connect on their system
connected to AD.

4. If no ACLs and no Kerberos, you should go to NT4 domain perhaps...

2015-09-29 13:28 GMT+02:00 Anoop Singh <anoop.singh at celstream.com>:

> Hi learned Members,
>
> I have few questions regarding configuring samba as Active directory
> domain controller and in case of connecting samba with windows active
> directory.
>
> 1.       To connect Samba with Windows active directory we need winbind
> and Kerberos configured. Is Kerberos a must requirement? Is there any way
> to bypass it or use some other protocol?
>
> 2.       In the above case I can understand as we are connecting to
> windows active directory Kerberos may be needed but when we configure samba
> itself as an active directory domain controller why is Kerberos needed? Is
> it for testing purpose only? Is there a way to bypass it or use some other
> protocol?
>
> 3.       Do we need ACL, xattr support mandatorily to make both
> configurations work means samba as AD DC and connecting samba to windows AD?
>
> Clarification will be highly appreciated.
>
> Thanks & regards,
> Anoop.
>
>
>
> -----------------------------------------------------------------------------------------------------------------------------
> DISCLAIMER: This electronic message and any attachments to this electronic
> message is intended for the exclusive use of the addressee(s) named herein
> and may contain legally privileged and confidential information. It is the
> property of Celstream Technologies Private Limited. If you are not the
> intended recipient, you are hereby strictly notified not to copy, forward,
> distribute or use this message or any attachments thereto. If you have
> received this message in error, please delete it and all copies thereof,
> from your system and notify the sender at Celstream Technologies or
> administrator at celstream.com immediately.
>
> -----------------------------------------------------------------------------------------------------------------------------
>

More information about the samba-technical mailing list