From: Anton Starikov on
I googled a lot but didn't find any answer.

My problem is next:

I have Openldap/kerberos directory.
I have samba (samba-A), which acts as NT PDC and use ldap/kerberos as backend.

I have another samba server (samba-B) which I want to authenticate users in my directory.
Of course I can join it to my samba NT PDC, it works, but by this a loose ability to authenticate via kerberos tickets.

Is it possible for samba-B to see my directory as AD? In order to be able "net ads join" and have full set of possible authentications for samba-B?

What kind of records should I add to my Openldap/Kerberos directory in order to be able to perform "net join ADS"?
Obviously I can't have full AD functionality here, but I don't need one. I just want it to simulate AD enough that second samba server can "join" to use it for authentication.

AFAIK, if my KDC is based on MIT there is other workaround in case of security=user, but there are some extra reasons why I would be in ADS mode.

To unsubscribe from this list go to the following URL and read the