Daniel Lakeland
2023-Apr-14 19:52 UTC
[Samba] Is LDAP + Kerberos without Active Directory no longer supported?
On 4/14/23 11:01, Rowland Penny via samba wrote:> > > On 14/04/2023 18:37, Ralph Boehme via samba wrote: >> >>> >> this has been a quite common setup in certain environment. Iirc it >> should still work. Iirc when we applied security hardening recently >> we change to reject service tickets with a PAC when we're running in >> security=user mode, but the details escape my mind. >> >> -slow >> >> > > It may be a common setup, but it isn't one I have come across before > (which doesn't mean much), but I think I have proof it should still > work, but perhaps just not as it did. > It doesn't help that Daniel isn't sure what version of Samba he was > using and on what version of Debian (?). If we could find out these, > we may be able to track down what changed and when.I last reported a bug to Debian with samba 4.8 so let's assume that I was using that when I had it working. I believe someone else tried with 4.13 but I had to back out of that version to get things back on track and I'm only now getting back to this.
Rowland Penny
2023-Apr-14 20:43 UTC
[Samba] Is LDAP + Kerberos without Active Directory no longer supported?
On 14/04/2023 20:52, Daniel Lakeland via samba wrote:> > I last reported a bug to Debian with samba 4.8 so let's assume that I > was using that when I had it working. I believe someone else tried with > 4.13 but I had to back out of that version to get things back on track > and I'm only now getting back to this. >I do not remember Debian providing any samba 4.8 packages, but samba 4.8.0 was the version that winbind was first required if 'security = ads' or 'security = domain' was set. Rowland