I'm in the process of setting up a samba file server, and I'd like to
set it up so users can authenticate with their Kerberos realm
credentials. It seems that every article I read wants me to bind the
thing to a domain, and authenticate that way. The only problem with that
is user accounts aren't domain accounts, they are "shadow"
Kerberos
realm accounts (forgive me, I'm not a windows admin) when I bind samba
to our AD, those shadow accounts don't work, but real domain accounts
do. Users don't have real domain accounts.
I've obtained a service keytab, and modified the smb.conf following
multiple articles online, and get 'could not look up dcs for domain
"REALM"' and (the value in my realm field). The realm isn't a
real
host. it's an MIT realm. My system is kerborized, and the values in
krb5.conf work for system-auth.
Thanks in advance,
Dann
