[Samba] smb.conf 'use kerberos keytab = true'
steve at steve-ss.com
Sun Jan 8 06:43:07 MST 2012
openSUSE 12.1, Samba 3.61 joined to Samba 4 Domain
/etc/samba/smb.conf on the Linux client is as follows:
workgroup = CACTUS
realm = HH3.SITE
security = ADS
use kerberos keytab = true
testparm tells me it is ignoring the 'use kerberos keytab = true' entry.
Linux users can logon fine, kinit and getent password work. The Samba 4
logs show that kerberos has authenticated the user. Users can create
files under Linux with the correct permissions, which can then be edited
on a Windows 7 client. Their /home folders are mounted via kerberized NFSv4.
Using konqueror with smb:// allows users to browse the Samba 4 shares
and prompts for a password when entering a folder which is not their
own. Entering the password for the other folder allows them to
manipulate files in that folder. However, they cannot manipulate files
in their own folder even though it seems as though kerberos has
authenticated them, by not asking for a password.
Without the 'use kerberos keytab = true' entry, there is no password
prompting and the user gets access denied messages when trying to access
*any* share from Samba 4, including his own, as before.
1. Is the entry 'use kerberos keytab = true' is having any effect?
2. Why is the user who is logged on getting access denied errors under
the smb:// protocol?
3. Is this a clash between NFS and CIFS?
Any help gratefully received.
More information about the samba