[Samba] Kerberos, Samba, and XP wanting to map local users with authenticated ones

Jeremy Allison jra at samba.org
Fri May 27 16:28:23 MDT 2011

On Fri, May 27, 2011 at 04:56:25PM -0400, Mauricio Tavares wrote:
> Ok, I understand if I only have kerberos and windows, if I login as a
> kerberos user, I better have a local user mapped to it or I will not
> be able to login. But, now I have samba involved. If I tell it about
> kerberos server,
> workgroup = LAZYASS
> realm = MY.REALM
> security = ads
> kerberos method = system keytab
> shouldn't it see there is local (to samba's server) user bob,
> principal bob at MY.REALM, and then mount bob's homedir if I try to login
> as bob? Or am I missing an important step? I did join the xp box to
> LAZYASS and can see there the fileserver's home fileshare (the only
> thing I am exporting). But that is as far as I get.
> The exact error message I am getting is
> "The system cannot log you on due to the following error:
> Mapping between account names and security IDs was done."
> It almost sounds like it is completely ignoring the samba side of the show.

Do you have winbindd running ? You need this to generate
the local UNIX userid's that Samba will use to represent
Windows users.

More information about the samba mailing list