[Samba] Winbind and Kerberos problem

Hugh Martin hugh_martin at hma.honda.com
Fri Aug 13 20:19:09 GMT 2004


When I try to use Kerberos with winbind to authenticate with a userid stored
in Active Directory (AD), authentication fails because the principal name
that Kerberos is trying to use is the 'extended' id used by winbind.

In other words, suppose my domain name is 'mydomain', the userid in AD is
'myid', and my smb.conf is set up to use a separator character of '+'.
Therefore, I log on to the Linux box as mydomain+myid.  If I don't use
Kerberos (via pam_winbind), I can log on fine.  When I try to log on using
Kerberos (via pam_krb5), a sniffer trace on the domain controller reveals
that the principal name passed to AD is mydomain+myid instead of just myid.
Clearly, this is not going to work.  Any ideas on how to correct this?
Thanks.

Hugh




