Is there a way to get samba to authenticate against an AD without having to join that domain (which needs admin credentials)? I don’t want any of the automatic user creation or mapping stuff from winbind, just a password check instead of having to maintain a local password.
I can get that effect via kerberos for normal linux logins by using authconfig-tui, checking kerberos, and filling in the domain/kdc details. Local users still have to be added to the linux system, but where the user names match they can authenticate with their domain password. But, samba doesn’t work that way. Even though the authconfig program modifies the smb.conf file, it doesn’t seem to work without joining the domain. Is it possible to make it just authenticate via kerberos but otherwise use the local account details for the matching user?