[Samba] Kerberized smb with MIT K5 realm

Mark Campbell mcc171 at psu.edu
Thu Dec 22 20:10:32 GMT 2005


I tried this new feature with 3.0.21 and have had some luck but it is 
not quite working. 

My config looks like:

#======================= Global Settings 
=====================================
[global]
  workgroup = MYGROUP
  server string = Samba Server
  log file = /var/log/samba/log.smbd
  security = user
  use kerberos keytab = yes
  realm = xxx.psu.edu


#============================ Share Definitions 
==============================
[homes]
  comment = Home Directories
  browseable = no
  writable = yes

I have the keytab file:

cifs/xxx.xxx.psu.edu
host/xxx.xxx.psu.edu

imported to the /etc/krb5.keytab file.

My client gets the service ticket for cifs/xxx.xxx.psu.edu but I see the 
following in the samba logs:

[2005/12/21 16:41:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(180)
 Failed to verify incoming ticket!

Any ideas?

Thanks

Mark


-- 
Mark Campbell
Systems Analyst, Advanced Information Technologies
Information Technology Services
The Pennsylvania State University
mcc171 at psu.edu, 814-865-4774



More information about the samba mailing list