On 06/20/2018 01:26 PM, Chad William Seys wrote:
I believe my problem is the same as original reporter Dan who says: "This was never really an active directory install, it's a standard unix
LDAP + Kerberos install"

This is my setup as well (except I don't use LDAP, just MIT Kerberos).

Dan, I see that in your first smb.conf you did not have any idmap ranges defined.
Did you end up setting up idmap ranges?
Do you still use kerberos to authenticate?

I just checked, with my current setup, using

security = user
realm = MY.REALM.HERE
encrypt passwords = yes
kerberos method = secrets and keytab

and without idmap ranges, I am able to connect to my samba share on a client using:

smbclient -k //myserver/myshare

without entering a password, so I do think it's using Kerberos.

If someone breaks this because they don't think people use this technique, and that kerberos is only for true Active Directory users, I will be upset ;-)

Reply via email to