Andrew Bartlett abartlet at
Mon Jun 20 05:20:04 MDT 2011

On Mon, 2011-06-20 at 07:08 -0400, Mauricio Tavares wrote:
> In the provisions script for samba4, there is a line that does
> not make sense to me:
> creds.set_kerberos_state(DONT_USE_KERBEROS)
> Correct me if I am wrong but it sure makes me think it is telling me
> this setup will not be using kerberos. But, AFAIK if you are going for
> the AD controller role you kinda need that. So, what am I missing
> here?

This is simply saying that this particular set of credentials should not
use Kerberos.  In this case the script is talking (potentially, in
now-deprecated functionality) talking to a server such as OpenLDAP, and
the password used between Samba and that LDAP server isn't an AD
password, but a simple shared secret.  Having an intermediate layer
bothering a possibly-not-even-existing KDC would break things in this

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list