Hello list,

a quick question. Right now I have a combination of MIT Kerberos, OpenLDAP and SSSD for authenticating my users. Is there a way that Samba can use this setup to perform user authentication? I only want to access the shares of the Samba server from about 8 Windows computers. I am aware that I cannot make an Active Directory out of this.

At the moment I have stored the users in a local passdb, which works but is very unpleasant.

Many thanks and many greetings
Thorsten

On Tue, 11 Dec 2018 15:09:39 +0100 tseegerkrb via samba <samba at lists.samba.org> wrote:
> Hello list,
>
> a quick question. Right now I have a combination of MIT Kerberos,
> OpenLDAP and SSSD for authenticating my users. Is there a way that
> Samba can use this setup to perform user authentication? I only want
> to access the shares of the Samba server from about 8 Windows
> computers. I am aware that I cannot make an Active Directory out of
> this.
>
> At the moment I have stored the users in a local passdb, which works
> but is very unpleasant.
>

That is why Microsoft came up with domains ;-)

If you look at Active Directory, it is basically composed of kerberos, ldap and dns, so you can replace your kerberos and ldap servers with a Samba AD DC, this also comes with winbind which will replace sssd.

There is just one possible fly in the ointment, you mention MIT & sssd, is this using a red-hat OS?
If it is, you cannot use the OS packages to create an AD DC, or if you can (Fedora), it shouldn't be used in production.

Rowland

On 11.12.18 15:23, Rowland Penny via samba wrote:
> On Tue, 11 Dec 2018 15:09:39 +0100
> tseegerkrb via samba <samba at lists.samba.org> wrote:
>
>> Hello list,
>>
>> a quick question. Right now I have a combination of MIT Kerberos,
>> OpenLDAP and SSSD for authenticating my users. Is there a way that
>> Samba can use this setup to perform user authentication. I only want
>> to access the shares of the Samba server from about 8 Windows
>> computers. I am aware that I cannot make an Active Directory out of
>> this.
>>
>> At the moment I have stored the users in a local passdb, which works
>> but is very unpleasant.
>>
>
> That is why Microsoft came up with domains ;-)
>
> If you look at Active Directory, it is basically composed of kerberos,
> ldap and dns., so you can replace your kerberos and ldap servers with a
> Samba AD DC, this also come with winbind which will replace sssd.
>
> There is just one possible fly in the ointment, you mention MIT & sssd,
> is this using a red-hat OS ?
> If it is, you cannot use the OS packages to create an AD DC, or if you
> can (Fedora), it shouldn't be used in production.
>
> Rowland
>

Hello Rowland,

thanks for your answer but I don't want to replace my kerberos & ldap setup with an AD server. Basically I only want to control access to the handful of Samba shares.

Thorsten