Am 19.04.2017 um 14:37 schrieb Rowland Penny via samba:> On Wed, 19 Apr 2017 09:22:47 +0200 > Stefan Just via samba <samba at lists.samba.org> wrote: > >> >> There is a tutorial how to make a Kerberos server to be a samba >> server too. >> >> It is available at: >> http://www.danbishop.org/2015/01/30/ubuntu-14-04-ultimate-server-guide/8/ >> > > There is a big problem with that tutorial, one of the first things > it tells you to do is to install libpam-smbpass. This has been > remove from Samba. If you do follow the instructions, a subsequent > update may upgrade Samba, and you may find it suddenly stops working. > > Rowland >libpam-smbpass was dropped with Samba 4.4. So you have to use samba 4.3.
S P Arif Sahari Wibowo
2017-Apr-19 16:09 UTC
[Samba] Samba authentication using non-AD Kerberos?
On 2017-04-19, 01:22, Stefan Just via samba wrote:> There is a tutorial how to make a Kerberos server to be a > samba server too.I don't have option to do changes in the Kerberos server, at least not now. Is that the only way to have samba authenticated from a non-AD Kerberos server to be connectable from MS Windows and macOS clients? On 2017-04-19, 08:10, Stefan Just via samba wrote:> libpam-smbpass was dropped with Samba 4.4. So you have to use > samba 4.3.Is there any other solution that not yet obsoleted? Thank you! -- ____ ____ ____ ____ (stephan paul) Arif Sahari Wibowo /___ /___/ /___/ /___ http://www.arifsaha.com/ ____/ / / / ____/
On Wed, 2017-04-19 at 10:09 -0600, S P Arif Sahari Wibowo via samba wrote:> On 2017-04-19, 01:22, Stefan Just via samba wrote: > > There is a tutorial how to make a Kerberos server to be a > > samba server too. > > I don't have option to do changes in the Kerberos server, at > least not now. Is that the only way to have samba authenticated > from a non-AD Kerberos server to be connectable from MS Windows > and macOS clients?Not windows clients without much pain. In theory Windows can join a non-AD KDC, but it is incredibly rarely done. MacOS should be able to kinit. I think you really want to move to Samba as an AD DC. Everything else will just be painful in the long run. I hope this helps, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Possibly Parallel Threads
- Samba authentication using non-AD Kerberos?
- Samba authentication using non-AD Kerberos?
- Samba AD DC autenticated by non-AD Kerberos (~ Re: Samba authentication using non-AD Kerberos?)
- Samba authentication using non-AD Kerberos?
- Samba authentication using non-AD Kerberos?