Web lists-archives.com

Re: [Samba] Samba authentication using non-AD Kerberos?




On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
Not windows clients without much pain. In theory Windows can join a non-AD KDC, but it is incredibly rarely done.

Would you mind to give clearer picture how much pain we are talking about here? Any link to somebody who did it? I need to compare it to the pain of another alternatives I have in the table, like let clients mount files using sshfs.

On 2017-04-22, 02:27, Andrew Bartlett via samba wrote:
As I mentioned first up, please set
security=user
...
         password server = mykerberos.myrealm.ca

Don't set this. Samba won't be contacting the KDC, in Kerberos that is the client's job.

Turn out when I manage to get it working, neither option matter, I can set it up either way and still works. This is the configuration that works:

[global]
        workgroup = MYREALM.CA
        server string = MyTest Samba Server Version %v
        netbios name = myserver
        dns proxy = no
        log file = /var/log/samba/log.%m
        max log size = 50
        realm = MYREALM.CA
        kerberos method = dedicated keytab
        dedicated keytab file = /etc/krb5.keytab
        log level = 3 passdb:5 auth:10
        obey pam restrictions = no
        load printers = no
        cups options = raw
        printing = bsd
[tmp]
        comment = Temporary Stuff
        path = /tmp
        public = yes
        writable = yes
        printable = no

--
   ____  ____  ____  ____ (stephan paul) Arif Sahari Wibowo
  /___  /___/ /___/ /___      http://www.arifsaha.com/
 ____/ /     /   / ____/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba