Web lists-archives.com

Re: [Samba] Samba authentication using non-AD Kerberos?




On Sun, 2017-04-16 at 19:06 -0600, S P Arif Sahari Wibowo via samba
wrote:
> On 2017-04-13, 01:58, Andrew Bartlett via samba wrote:
> > On Wed, 2017-04-12 at 19:17 -0600, S P Arif Sahari Wibowo via samba
> > wrote:
> > > Do you know any example Samba configuration that 
> > > authenticate to plain - non-AD, e.g. MIT KDC - Kerberos 
> > > server?
> > 
> > This a normal and fully supported configuration.  It maps to 
> > normal unix users.
> 
> Thanks! is it mean that the OS (Linux) have to setup for login 
> using Kerberos as well?

No, but your clients will need to get a ticket somehow.  That is
presumably already happening otherwise you wouldn't be asking for this.

> I was looking into samba wiki pages and cannot find 
> documentation for this. Generally most the documentation pages 
> either discussing samba as AD member or standalone.
> 
> > From memory:
> > 
> > security=user
> > 
> > use kerberos keytab = system keytab
> 
> Thanks! Obviously there is no "net ads join" command, so 
> anything to be done instead of that?

You need a keytab for cifs/hostname just as you would for IMAP or some
other kerberised service. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba