[Samba] Getting krb5 authentication working

Jonathan Reeder jreeder at nscnet.com
Tue Dec 28 18:15:32 GMT 2004

I'm having a heck of a time getting my 3.0.10 install to authenticate users
with krb5.  Couple of things:

1) First off, after my --with-pam installation, I didn't have a
/etc/pam.d/samba file, which was a little disconcerting.  Figured maybe its
no big deal, I'll just make my own.  I couldn't find any good examples
unfortunately, so here is what I pieced together:

auth    required    pam_krb5.so
account    required    pam_krb5.so
session    required    pam_krb5.so
password    required    pam_krb5.so

2) Then I added "obey pam restrictions = yes" to my smb.conf.

3) I sit down at a Windows box, get a ticket from my Heimdal KDC, try to
connect to my samba share, and I get prompted for a password.  Obviously
this wasn't the desired effect.  At least samba is actually running and
responding, just not the way I had hoped.

Couple of questions I guess.

Do I need to set up anything special in my samba server's krb5.keytab?  It
currently just has a host/FQDN entry.

Did I bungle the pam.d/samba file?

Is there something else I need to do to make samba use PAM (specifically,
the krb5 module)?  I'm not using LDAP or ADS, just Kerberos.

Thanks a bunch.

More information about the samba mailing list