samba-tool does not use kerberos ticket

steve steve at
Fri Sep 19 09:27:28 MDT 2014

On 19/09/14 13:27, Alexis wrote:
> steve wrote:
>> On 19/09/14 11:35, Alexis wrote:
>>> Hello,
>>> I use samba 4-1.12 as an AD on an opensuse13.1 server.
>>> I use to setup a kerberos ticket with
>>> kinit administrator -k -t /usr/local/samba/private/administrator.keytab
>>> and klist -l on opensuse13.1 give:
>>> Principal name                 Cache name
>>> --------------                 ----------
>>> administrator at XXX.XX.XX       DIR::/run/user/0/krb5cc/tktiNk96S
>>> but for example   samba-tool dns serverinfo <server> will ask me password
>>> instead of using this kerberos ticket.
>>> There was not such an issue when running samba in opensuse12.3 and I
>>> wonder if this is due to user.slice service which was added in opensuse13.1
>>> but I don't know where to go from here.
>>> Maybe some of you have any clue to help me debug this issue.
>>> Thank you.
>> Hi
>> Just add:
>> default_ccache_name = /tmp/krb5cc_%{uid}
>> to [libdefaults]
>> in /etc/krb5.conf
>> and forget about systemd.
>> Works here on 13.1
>> HTH,
>> Steve
> Thanks a lot you make my day!!!
Whilst we're here, there's another big one you may wish to avoid. The 
other big kerberos systemd openSUSE problem is that if root has not 
already logged in, the directory:
does not exist and so there is nowhere to put the tickets, even if it 
did work. Under systemd all clients which need a root ticket must have 
root log in first;) We've thrashed this out on both the krb5 and 
opensuse lists: MIT don't do systemd and opensuse don't do kerberos.

More information about the samba-technical mailing list
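
An added diagnostic example, not part of the original thread and not Samba or MIT krb5 code: it reads default_ccache_name from [libdefaults], expands %{uid}, and reports whether the cache sits under the per-session /run/user/<uid> directory discussed in the thread. The sample configs, function names and result keys are constructed for illustration, and only the %{uid} expansion is handled.

```python
import os
import re

# Constructed sample configs: the first mirrors the DIR cache in the klist
# output quoted in the thread, the second uses the setting suggested there.
CONF_DIR = "[libdefaults]\n  default_ccache_name = DIR:/run/user/%{uid}/krb5cc\n"
CONF_TMP = "[libdefaults]\n  default_ccache_name = /tmp/krb5cc_%{uid}\n[realms]\n"

def default_ccache_name(conf_text):
    """Return default_ccache_name from [libdefaults], or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
        elif section == "libdefaults" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "default_ccache_name":
                value = val.strip()
    return value

def check_ccache(conf_text, uid, isdir=os.path.isdir):
    """Resolve the cache location for uid and report where it has to live."""
    name = default_ccache_name(conf_text)
    if name is None:
        return None  # library or distribution default applies
    name = name.replace("%{uid}", str(uid))
    ctype, sep, rest = name.partition(":")
    if not sep or not (ctype.isalpha() and ctype.isupper()):
        ctype, rest = "FILE", name  # a bare path is a FILE cache
    if ctype == "DIR":
        # "DIR::/dir/tktXXX" names one cache file inside the collection
        holder = os.path.dirname(rest[1:]) if rest.startswith(":") else rest
    elif ctype == "FILE":
        holder = os.path.dirname(rest)
    else:
        holder = None  # KEYRING, MEMORY, KCM...: not a filesystem path
    return {
        "type": ctype, "location": rest, "holder_dir": holder,
        "holder_exists": isdir(holder) if holder else None,
        # /run/user/<uid> exists only while that user has a login session
        "session_bound": bool(holder) and holder.startswith(f"/run/user/{uid}/"),
    }

if __name__ == "__main__":
    for conf in (CONF_DIR, CONF_TMP):
        print(check_ccache(conf, os.getuid()))
```

A result with session_bound true and holder_exists false corresponds to the case described above, where root has no login session and there is nowhere to store the ticket.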