Samba 3.0 won't work with smbclient using Kerberos.

Andrew Bartlett abartlet at
Fri May 17 02:36:02 GMT 2002

P Ranjit Kumar wrote:
> Hi
> I am trying to get smbclient to work with Samba 3.0 server. Samba 3.0 server
> joined a Win2k Native domain successfully.

> Interestingly, I made and account on the KDC for the unix machine (using
> ktpass) and specified enc type DES-CBC-MD5, which is used by smbclient. Also
> I checked that the encryption type is MD5 for the TGT.

You must join the domain with 'net join'.  Set 'security=ads' in your

Becouse samba must also use legacy RPC protocols for NT4 connections,
and becouse of differences in case sensitivity in the MIT/MS
implementations, Samba does not use a predefined keytab, but stores the
plaintext password, creating the 'keys' in memory.

As such there isn't an /etc/krb5.keytab on a normal samba ADS member.  
We need an option 'krb5 keytab write = ' (defaulting to
/etc/krb5.keytab) to allow unix servers compatibilty here, but I havn't
got a chance to writing it yet.  (Patches are more than welcome).

Andrew Bartlett 

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list