[CentOS] samba: check password with AD without joining domain?

Fri Aug 16 01:44:25 UTC 2013
Stephen Harris <lists at spuddy.org>

On Thu, Aug 15, 2013 at 06:40:54PM -0700, Devin Reade wrote:
> Last time I checked a few years ago I don't think AD supported an LDAP anonymous bind, so you may need to bind as that user in order to validate the creds.

AD is Kerberos for authentication.  If you just want to authenticate user
"xyzzy" to AD with password (as opposed to krb keys) then just configure
/etc/krb5.conf to point to an AD domain controller.

Don't need LDAP at all.

Everything else (Samba, LDAP, etc.) gives closer integration, but isn't
essential for pure 'AD password' authentication.
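
A minimal /etc/krb5.conf for the setup described in the message above, added here as an illustration and not taken from the original post. The realm EXAMPLE.COM and the host dc1.example.com are placeholders for the AD domain name (upper-cased) and one of its domain controllers.

```ini
# /etc/krb5.conf (constructed example; realm and host names are placeholders)

[libdefaults]
    # AD realm: the AD DNS domain name in upper case
    default_realm = EXAMPLE.COM
    # Name the KDC explicitly below instead of relying on DNS SRV lookups
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    EXAMPLE.COM = {
        # An AD domain controller acts as the Kerberos KDC
        kdc = dc1.example.com
        admin_server = dc1.example.com
    }

[domain_realm]
    # Map hosts in the DNS domain to the realm
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
```

With this file in place, `kinit xyzzy@EXAMPLE.COM` prompts for the password and obtains a ticket only if the domain controller accepts it. Because a machine that has not joined the domain has no host keytab, it cannot verify that the reply came from the real KDC, so this check is only as trustworthy as the network path to the domain controller.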