Web lists-archives.com

Re: [Samba] Samba AD DC authenticated by external Kerberos (~ Re: Samba authentication using non-AD Kerberos?)




On 04/25/17 17:04, S P Arif Sahari Wibowo via samba wrote:
On 2017-04-22, 02:12, Andrew Bartlett via samba wrote:
To be clear, this would be an 'MIT Trust'. This isn't currently supported, but would allow you to authenticate with the username and password via krb5 from the trusted domain, but use the ticket to log in to the Windows desktop and the Samba file server.

Actually no. I fork this thread to specifically asking question about setting up Samba AD DC / ADS with external Kerberos server. Sorry the title a bit confusin, I fixed it a little bit. So presumably the client can login as if login to normal AD DC / ADS.

Thank you!


A Samba AD directory server (domain controller) is its own kerberos server. I don't see how you could configure it to use another KDC. Depending on how may computers in your environment, it may be easier to have the non-AD Kerberos clients use to the Samba DC as the KDC.







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba