Local KDC and Samba

Andreas Schneider asn at samba.org
Tue Jan 21 08:30:14 UTC 2025


On Tuesday, 21 January 2025 06:59:25 CET Steve French wrote:
> Do you have a sample wireshark trace of SMB3.1.1 connection to Samba
> with the new peer-to-peer Kerbeors and/or IAKERB?

Yes, I do. You can find it here:

https://xor.cryptomilk.org/samba/iakerb/

However that wont help you. See Alexander his reply. You need to use GSSAPI 
instead of raw Kerberos in cifs utils. You should try to do IAKerb first and 
fall back to KRB5 mech otherwise.

What I haven't implemented yet. If we get a krbtgt via IAKerb we should allow 
to store that in a user specified ccache or the default one.


-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D





More information about the samba-technical mailing list