[Samba] smb.conf 'use kerberos keytab = true'

steve steve at steve-ss.com
Sun Jan 8 06:43:07 MST 2012

openSUSE 12.1, Samba 3.61 joined to Samba 4 Domain

/etc/samba/smb.conf on the Linux client is as follows:

workgroup = CACTUS
realm = HH3.SITE
security = ADS
use kerberos keytab = true

testparm tells me it is ignoring the 'use kerberos keytab = true' entry.

Linux users can log on fine; kinit and getent password work. The Samba 4 
logs show that Kerberos has authenticated the user. Users can create 
files under Linux with the correct permissions, which can then be edited 
on a Windows 7 client. Their /home folders are mounted via kerberized NFSv4.

Using konqueror with smb:// allows users to browse the Samba 4 shares 
and prompts for a password when entering a folder which is not their 
own. Entering the password for the other folder allows them to 
manipulate files in that folder. However, they cannot manipulate files 
in their own folder even though it seems as though Kerberos has 
authenticated them, by not asking for a password.

Without the 'use kerberos keytab = true' entry, there is no password 
prompting and the user gets access denied messages when trying to access 
*any* share from Samba 4, including his own, as before.

1. Is the entry 'use kerberos keytab = true' having any effect?
2. Why is the user who is logged on getting access denied errors under 
the smb:// protocol?
3. Is this a clash between NFS and CIFS?

Any help gratefully received.

