Stefan Just
2016-Dec-13 12:56 UTC
[Samba] Connect Samba 4.3 to an existing Kerberos server
Hello, I want to connect Samba 4.3 to an existing Kerberos server. So that the users who already exist in Kerberos can log on to the Windows clients of our Samba server. In the documentation of Windows Server I found the following: "You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain." I have already set up an AD DC. But I had no success to join our MIT Kerberos. Is this possible with Samba and if so, how is it done?
mathias dufresne
2016-Dec-15 16:19 UTC
[Samba] Connect Samba 4.3 to an existing Kerberos server
2016-12-13 13:56 GMT+01:00 Stefan Just via samba <samba at lists.samba.org>:> Hello, > > I want to connect Samba 4.3 to an existing Kerberos server. So that the > users who already exist in Kerberos can log on to the Windows clients of > our Samba server. > In the documentation of Windows Server I found the following: > > "You can establish a realm trust between any non-Windows Kerberos > version 5 (V5) realm and an Active Directory domain." >Here "trust" means "trust relationship", a way to achieve what you want, to make things from domain A available to domain B, and possibly things from B available to A. Trust are directional. They also can be transitive or not. If A can access B with some trust, if B has transitive trust to C (with right direction of course) then A can access also C. Now Samba is able to build only bidirectional and transitive trusts. Have a look to "samba-tool domain trust" to know how Samba can create trusts. Perhaps if it is your Kerberos domain which initiate the trust it would be better for your need, no idea, they're yours ;)> > I have already set up an AD DC. But I had no success to join our MIT > Kerberos. > > Is this possible with Samba and if so, how is it done? > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Possibly Parallel Threads
- Realm trust between Samba AD and MIT kerberos realm
- Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
- Active directory and multiple forests
- Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
- One Way Domain Trust possible?