A friend of mine has a Linux machine hosting Jenkins and a Windows 2008 Domain Controller. He uses Active Directory authentication in Jenkins and only specified the domain name and domain controller in the Jenkins configuration. All users can use their Windows domain user name and password to access the Jenkins web interface.

I don't understand how this is possible. I have learnt that you have to use Kerberos for user authentication in an Active Directory environment. The website of the Active Directory Jenkins plugin says that they are using "LDAP service of Active Directory". I tried to find something like this on my Windows 2008 server but couldn't find it. Does the "Active Directory Lightweight Directory Services" emulate an LDAP server and Jenkins just tries to access the directory with the user name / password given (if the test succeeds, access to the web interface is granted)?

If Kerberos is not necessary to authenticate AD users, is it possible to authenticate Samba users against the Windows domain server without Kerberos and without joining the domain? I have a Linux file server which should offer network shares to Windows clients in a Windows domain.

  • Welcome to Server Fault! Try to narrow it down to one specific question, it will attract better answers. – ErikE Aug 30 '15 at 20:32

1 Answer

Active Directory doesn't emulate an LDAP server, it is an LDAP server, with some Microsoft extensions.

Yes, some services simply use the provided credentials to do an LDAP bind, and authenticate the user if it succeeds.

There are half a dozen ways you can authenticate SAMBA access against AD - a quick Google search should bring up step by step instructions for your specific distro. Read a few of them before starting - some distros support several methods each with their own pros and cons.

Grant
  • Thx, but I only find tutorials about completely joining a Windows domain. How is it possible to use (only) LDAP binding as an authentication mechanism for Samba? I think it is not possible but why? – user3625015 Aug 31 '15 at 20:23
  • @user3625015 Why would you want to avoid joining the domain? – Grant Aug 31 '15 at 21:47
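
The bind-as-authentication pattern described in the answer, as an added example that is not part of the original posts or of the Jenkins plugin's code: it builds an RFC 4511 simple BindRequest by hand and treats resultCode 0 as a successful login. The account, password and the `fake_directory` server are constructed for illustration; a real service would send the request over LDAPS or StartTLS, because a simple bind carries the password in the clear.

```python
def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value; short-form length only, enough for a bind."""
    if len(value) > 0x7F:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                      # long-form length, as servers may send
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def protocol_op(message: bytes):
    """Unwrap LDAPMessage ::= SEQUENCE { messageID, protocolOp }."""
    body = read_tlv(message)[1]
    tag, op, _ = read_tlv(body, read_tlv(body)[2])
    return tag, op

def bind_request(name: str, password: str) -> bytes:
    """BindRequest [APPLICATION 0] { version 3, name, simple [0] password }."""
    op = tlv(0x02, b"\x03") + tlv(0x04, name.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, op))

def bind_result(response: bytes) -> int:
    """resultCode of a BindResponse: 0 = success, 49 = invalidCredentials."""
    tag, op = protocol_op(response)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    return int.from_bytes(read_tlv(op)[1], "big")

def authenticate(send, user: str, password: str) -> bool:
    """send(request) -> response is the transport, e.g. a TLS socket to a DC."""
    if not user or not password:
        # Empty password = "unauthenticated bind" (RFC 4513, section 5.1.2); a
        # server may answer success without checking anything, so never send it.
        return False
    return bind_result(send(bind_request(user, password))) == 0

def fake_directory(request: bytes) -> bytes:
    """Constructed stand-in for a directory server (sample account, not real)."""
    _, op = protocol_op(request)
    _, _, p = read_tlv(op)            # version
    _, name, p = read_tlv(op, p)      # bind name (a UPN in this sample)
    _, pw, _ = read_tlv(op, p)        # simple password, readable on the wire
    ok = pw == b"" or (name, pw) == (b"alice@example.test", b"Sample-Passw0rd")
    result = tlv(0x0A, bytes([0 if ok else 49])) + tlv(0x04, b"") * 2
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61, result))
```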