Re: [Samba] Authentification against kerberos / sssd
- Date: Tue, 11 Dec 2018 14:52:07 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Authentification against kerberos / sssd
On Tue, 11 Dec 2018 15:36:23 +0100
tseegerkrb via samba <samba@xxxxxxxxxxxxxxx> wrote:
> On 11.12.18 15:23, Rowland Penny via samba wrote:
> > On Tue, 11 Dec 2018 15:09:39 +0100
> > tseegerkrb via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >> Hello list,
> >> a quick question. Right now I have a combination of MIT Kerberos,
> >> OpenLDAP and SSSD for authenticating my users. Is there a way that
> >> Samba can use this setup to perform user authentication. I only
> >> want to access the shares of the Samba server from about 8 Windows
> >> computers. I am aware that I cannot make an Active Directory out of
> >> this.
> >> At the moment I have stored the users in a local passdb, which
> >> works but is very unpleasant.
> > That is why Microsoft came up with domains ;-)
> > If you look at Active Directory, it is basically composed of
> > kerberos, ldap and dns., so you can replace your kerberos and ldap
> > servers with a Samba AD DC, this also come with winbind which will
> > replace sssd.
> > There is just one possible fly in the ointment, you mention MIT &
> > sssd, is this using a red-hat OS ?
> > If it is, you cannot use the OS packages to create an AD DC, or if
> > you can (Fedora), it shouldn't be used in production.
> > Rowland
> Hello Rowland,
> thanks for your answer but I don't want to replace my kerberos & ldap
> setup with an AD server. Basically I only want to control access to
> the handful of Samba shares.
Well, its your setup, but using an AD domain parcels it up into one
neat package ;-)
There is plenty of info out there on how to do what you want, but it is
mostly very old.
To unsubscribe from this list go to the following URL and read the