On 06/20/2018 01:26 PM, Chad William Seys wrote:
I believe my problem is the same as original reporter Dan who says:
"This was never really an active directory install, it's a standard unix
LDAP + Kerberos install"
This is my setup as well (except I don't use LDAP, just MIT Kerberos).
Dan, I see that in your first smb.conf you did not have any idmap
ranges defined.
Did you end up setting up idmap ranges?
Do you still use kerberos to authenticate?
I just checked, with my current setup, using
security = user
realm = MY.REALM.HERE
encrypt passwords = yes
kerberos method = secrets and keytab
and without idmap ranges, I am able to connect to my samba share on a
client using:
smbclient -k //myserver/myshare
without entering a password, so I do think it's using Kerberos.
If someone breaks this because they don't think people use this
technique, and that kerberos is only for true Active Directory users, I
will be upset ;-)