Samba 3.0 won't work with smbclient using Kerberos.

Andrew Bartlett abartlet at pcug.org.au
Fri May 17 02:36:02 GMT 2002


P Ranjit Kumar wrote:
> 
> Hi
> 
> I am trying to get smbclient to work with Samba 3.0 server. Samba 3.0 server
> joined a Win2k Native domain successfully.

> Interestingly, I made and account on the KDC for the unix machine (using
> ktpass) and specified enc type DES-CBC-MD5, which is used by smbclient. Also
> I checked that the encryption type is MD5 for the TGT.

You must join the domain with 'net join'.  Set 'security=ads' in your
smb.conf.

Becouse samba must also use legacy RPC protocols for NT4 connections,
and becouse of differences in case sensitivity in the MIT/MS
implementations, Samba does not use a predefined keytab, but stores the
plaintext password, creating the 'keys' in memory.

As such there isn't an /etc/krb5.keytab on a normal samba ADS member.  
We need an option 'krb5 keytab write = ' (defaulting to
/etc/krb5.keytab) to allow unix servers compatibilty here, but I havn't
got a chance to writing it yet.  (Patches are more than welcome).

Andrew Bartlett 

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba-technical mailing list