Web lists-archives.com

Re: [Samba] Samba AD DC autenticated by non-AD Kerberos (~ Re: Samba authentication using non-AD Kerberos?)




On Thu, 2017-04-20 at 14:46 +0100, Rowland Penny via samba wrote:
> On Thu, 20 Apr 2017 07:32:16 -0600 (MDT)
> S P Arif Sahari Wibowo via samba <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
> > > I think you really want to move to Samba as an AD DC.
> > 
> > In that case, how can I setup a Samba AD DC which has its 
> > authentication came from another non-AD Kerberos service? 
> > Preferably in a separate server from the Kerberos service.
> 
> I don't think you can.

To be clear, this would be an 'MIT Trust'.  This isn't currently
supported, but would allow you to authenticate with the username and
password via krb5 from the trusted domain, but use the ticket to log in
to the Windows desktop and the Samba file server. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba