Rowland Penny
2023-Apr-14 09:31 UTC
[Samba] Is LDAP + Kerberos without Active Directory no longer supported?
On 14/04/2023 10:03, Kees van Vloten via samba wrote:
>
> You could try what Rowland suggests: setup AD and add the users in it.
>
> There is no (strict) need to join the client machines, the AD-DC
> provides a KDC and a LDAP server. You can still use kinit on the clients
> to authenticate and get a ticket.
>
> With an AD-DC and a fileserver (joined to the domain) (on separate
> machines) your scenario will work pretty much as it always did but with
> a recent Samba version.
>
> Do you see any obstacles, Rowland?
>
> - Kees.
>

No, provided they can get a ticket from the KDC, they will get authentication and they will get a better supported product.

Rowland

Kees van Vloten
2023-Apr-14 10:02 UTC
[Samba] Is LDAP + Kerberos without Active Directory no longer supported?
On 14-04-2023 at 11:31, Rowland Penny via samba wrote:
>
> On 14/04/2023 10:03, Kees van Vloten via samba wrote:
>>
>> You could try what Rowland suggests: setup AD and add the users in it.
>>
>> There is no (strict) need to join the client machines, the AD-DC
>> provides a KDC and a LDAP server. You can still use kinit on the
>> clients to authenticate and get a ticket.
>>
>> With an AD-DC and a fileserver (joined to the domain) (on separate
>> machines) your scenario will work pretty much as it always did but
>> with a recent Samba version.
>>
>> Do you see any obstacles, Rowland?
>>
>> - Kees.
>>
>
> No, provided they can get a ticket from the KDC, they will get
> authentication and they will get a better supported product.
>
> Rowland
>

I am confused by the "no", the rest of your sentence confirms exactly what I was trying to say :-).

To summarize: Set up AD-DC and domain-join the fileserver. Let the users log in on their machines locally, after which they do kinit to authenticate as a user (not as a machine) to the AD. With that they also get access to the file-shares (or any other domain resource).

This is all supported by the latest Samba version, so indeed a better supported setup.

- Kees.