Web lists-archives.com

Re: [Samba] Authentification against kerberos / sssd




On Tue, 11 Dec 2018 15:36:23 +0100
tseegerkrb via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On 11.12.18 15:23, Rowland Penny via samba wrote:
> > On Tue, 11 Dec 2018 15:09:39 +0100
> > tseegerkrb via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> >> Hello list,
> >>
> >> a quick question. Right now I have a combination of MIT Kerberos,
> >> OpenLDAP and SSSD for authenticating my users. Is there a way that
> >> Samba can use this setup to perform user authentication. I only
> >> want to access the shares of the Samba server from about 8 Windows
> >> computers. I am aware that I cannot make an Active Directory out of
> >> this.
> >>
> >> At the moment I have stored the users in a local passdb, which
> >> works but is very unpleasant.
> >>
> > 
> > That is why Microsoft came up with domains ;-)
> > 
> > If you look at Active Directory, it is basically composed of
> > kerberos, ldap and dns., so you can replace your kerberos and ldap
> > servers with a Samba AD DC, this also come with winbind which will
> > replace sssd.
> > 
> > There is just one possible fly in the ointment, you mention MIT &
> > sssd, is this using a red-hat OS ?
> > If it is, you cannot use the OS packages to create an AD DC, or if
> > you can (Fedora), it shouldn't be used in production.
> > 
> > Rowland
> > 
> > 
> Hello Rowland,
> 
> thanks for your answer but I don't want to replace my kerberos & ldap
> setup with an AD server. Basically I only want to control access to
> the handful of Samba shares.
> 
> Thorsten
> 

Well, its your setup, but using an AD domain parcels it up into one
neat package ;-)

There is plenty of info out there on how to do what you want, but it is
mostly very old.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba