[Samba] Kerberos method not working like use kerberos keytab?

Oliver Weinmann oliver.weinmann at vega.de
Wed Apr 7 03:45:28 MDT 2010


I have a couple of old samba 3.0.30 installations. I enabled the "use
kerberos keytab" option in the smb.conf file to aquire a tgt
automatically when a user logs in. This works fine on 3.0.30 installs.
On newer samba versions I recognized that the option has been phased out
and replaced by a newer option called "kerberos method" the man page is
not really clear about what to choose here so I googled and found the

For existing installs: "use kerberos keytab = yes" corresponds to
secrets and keytab "use kerberos keytab = no" corresponds to secrets

Setting "kerberos method = secrets and keytab" doesn't work for some
reason. I have not changed the /etc/security/pam_winbind.conf:
# turn on debugging
;debug = no
# request a cached login if possible
# (needs "winbind offline logon = yes" in smb.conf)
cached_login = yes
# authenticate using kerberos
krb5_auth = yes
# when using kerberos, request a "FILE" krb5 credential cache type
# (leave empty to just do krb5 authentication but not have a ticket
# afterwards)
krb5_ccache_type = FILE
# make successful authentication dependend on membership of one SID
# (can also take a name)
;require_membership_of =

There is TGT aquired when a user logs in. Am I missing something in my
configuration? This is really a cool feature for using NFSv4.

More information about the samba mailing list