Is it possible to mount a cifs share with kerberos using the machine account (with active directory)

Rowland penny rpenny at
Sun Jun 13 07:48:43 UTC 2021

On 12/06/2021 02:02, Andrew Walker via samba-technical wrote:
> On Fri, Jun 11, 2021 at 7:57 PM Steve French via samba-technical <
> samba-technical at> wrote:
> IIRC there are some applications that will use the machine account to
> perform operations over the network (like backup applications). Whether
> this is successful against a Samba server depends on the configured idmap
> backend on the Samba server. If idmap_rid or idmap_autorid are used, then
> it _should_ be possible. If you're relying on rfc2307 attributes for
> idmapping, then it's probably not possible  since they can't be assigned to
> computer accounts IIRC. This is hypothetical, and has caveats. I also
> haven't tested with linux clients.

Yes, it works against a Samba server (which I take to mean a DC) and you 
can use idmap_ad. A computer account in AD is just a user with an extra 
objectclass, so a computer can use all the attributes a user can, 
including all the rfc2307 attributes.


More information about the samba-technical mailing list