samba - Sep 2018 - design question for small environment

Am 10.09.18 um 11:12 schrieb Rowland Penny via samba:
> Hi Stefan, I would set up a small AD domain, one DC, and turn the two
> original servers into Unix domain members and then use kerberos.
How would "use kerberos" look like from the client's view?

On Tue, 11 Sep 2018 08:56:35 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
> Am 10.09.18 um 11:12 schrieb Rowland Penny via samba:
> 
> > Hi Stefan, I would set up a small AD domain, one DC, and turn the
> > two original servers into Unix domain members and then use kerberos.
> 
> How would "use kerberos" look like from the client's view?
> 
Just like using a password as long as the server is setup correctly.

Rowland

As the unix servers  running linux (I know some people wouldn't call 
that real unix) or a "real" unix like Solaris ?

Linux has sssd which can make things simpler.

In either case you probably need a proxy account for the unix system to 
retrieve user and group info (not passwords) via LDAP.

On 09/11/18 03:56, Rowland Penny via samba wrote:
> On Tue, 11 Sep 2018 08:56:35 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
>
>> Am 10.09.18 um 11:12 schrieb Rowland Penny via samba:
>>
>>> Hi Stefan, I would set up a small AD domain, one DC, and turn the
>>> two original servers into Unix domain members and then use
kerberos.
>> How would "use kerberos" look like from the client's
view?
>>
> Just like using a password as long as the server is setup correctly.
>
> Rowland
>
>
>