Is it possible to mount a cifs share with kerberos using the machine account (with active directory)
Rowland penny
rpenny at samba.org
Sun Jun 13 07:48:43 UTC 2021
On 12/06/2021 02:02, Andrew Walker via samba-technical wrote:
> On Fri, Jun 11, 2021 at 7:57 PM Steve French via samba-technical <
> samba-technical at lists.samba.org> wrote:
> IIRC there are some applications that will use the machine account to
> perform operations over the network (like backup applications). Whether
> this is successful against a Samba server depends on the configured idmap
> backend on the Samba server. If idmap_rid or idmap_autorid are used, then
> it _should_ be possible. If you're relying on rfc2307 attributes for
> idmapping, then it's probably not possible since they can't be assigned to
> computer accounts IIRC. This is hypothetical, and has caveats. I also
> haven't tested with linux clients.
Yes, it works against a Samba server (which I take to mean a DC) and you
can use idmap_ad. A computer account in AD is just a user with an extra
objectclass, so a computer can use all the attributes a user can,
including all the rfc2307 attributes.
Rowland
More information about the samba-technical
mailing list