[Samba] Problem accessing samba fileserver with smbclient using Kerberos

Markus Moeller huaraz at moeller.plus.com
Wed May 18 19:25:14 GMT 2005

I have a setup with a w2k3 AD and Samba 3.0.15pre2 as fileservers on Linux. 
I created two AD computer objects and used ktpass to create the Keberos 
keys. The keytab has the following entries

host/linux.test.com at TEST.COM  mapped to a computer account linux-host$ for 
general Kerberos services (ftp,ssh,..)
cifs/linux.test.com at TEST.COM  mapped to a computer account linux-cifs$ for 
Windows 2003/XP clients and
HOST/linux.test.com at TEST.COM a copy of host/linux.test.com for Windows 2000 

I can access the samba share from 2000/2003/XP but not with smbclient from 
the linux box itself. It seems smbclient tries to use a principal 
linux$@TEST.COM which isn't in my keytab and I don't see a reason why it 
should. BTW smbclient works when accessing a 2003 share.

I looked at the traffic the XP client creates to the kdc and it immediatly 
asks for a cifs/linux.test.com principal. Shouldn't smbclient be able to do 
the same ?


More information about the samba mailing list