Am 18.04.2017 um 20:36 schrieb S P Arif Sahari Wibowo via samba:> On 2017-04-17, 15:23, Andrew Bartlett via samba wrote: >> No, but your clients will need to get a ticket somehow. That is >> presumably already happening otherwise you wouldn't be asking for this. > > No, the situation is that currently I only have Kerberos server, but not > ADS. I like to setup Samba server so MS Windows and macOS clients (in > various IP address) can login to it, but I like to use existing Kerberos > server as the authentication source. > > Will this be possible? > > Can this be done without the MS Windows and macOS client have direct > access to the Kerberos server? > >> You need a keytab for cifs/hostname just as you would for IMAP or some >> other kerberised service. > > Do you know how this works in MS Windows / macOS? >There is a tutorial how to make a Kerberos server to be a samba server too. It is available at: http://www.danbishop.org/2015/01/30/ubuntu-14-04-ultimate-server-guide/8/
On Wed, 19 Apr 2017 09:22:47 +0200 Stefan Just via samba <samba at lists.samba.org> wrote:> > There is a tutorial how to make a Kerberos server to be a samba > server too. > > It is available at: > http://www.danbishop.org/2015/01/30/ubuntu-14-04-ultimate-server-guide/8/ >There is a big problem with that tutorial, one of the first things it tells you to do is to install libpam-smbpass. This has been remove from Samba. If you do follow the instructions, a subsequent update may upgrade Samba, and you may find it suddenly stops working. Rowland
Am 19.04.2017 um 14:37 schrieb Rowland Penny via samba:> On Wed, 19 Apr 2017 09:22:47 +0200 > Stefan Just via samba <samba at lists.samba.org> wrote: > >> >> There is a tutorial how to make a Kerberos server to be a samba >> server too. >> >> It is available at: >> http://www.danbishop.org/2015/01/30/ubuntu-14-04-ultimate-server-guide/8/ >> > > There is a big problem with that tutorial, one of the first things > it tells you to do is to install libpam-smbpass. This has been > remove from Samba. If you do follow the instructions, a subsequent > update may upgrade Samba, and you may find it suddenly stops working. > > Rowland >libpam-smbpass was dropped with Samba 4.4. So you have to use samba 4.3.