[Samba] smb.conf 'use kerberos keytab = true'

Jim McDonough jmcd at samba.org
Mon Jan 9 05:34:34 MST 2012

On Sun, Jan 8, 2012 at 8:43 AM, steve <steve at steve-ss.com> wrote:
> openSUSE 12.1, Samba 3.61 joined to Samba 4 Domain
> /etc/samba/smb.conf on the Linux client is as follows:
> workgroup = CACTUS
> realm = HH3.SITE
> security = ADS
> use kerberos keytab = true
> testparm tells me it is ignoring the 'use kerberos keytab = true' entry.
It should be, it's been replaced quite some time ago by "kerberos
keytab method".

> Linux users can logon fine, kinit and getent password work. The Samba 4 logs
> show that kerberos has authenticated the user. Users can create files under
> Linux with the correct permissions, which can then be edited on a Windows 7
> client. Their /home folders are mounted via kerberized NFSv4.
> Without the 'use kerberos keytab = true' entry, there is no password
> prompting and the user gets access denied messages when trying to access
> *any* share from Samba 4, including his own, as before.
> Questions
> 1. Is the entry 'use kerberos keytab = true' is having any effect?
Seems like it is based on your description, but it _shouldn't be".
I'd check for stray libsmbclient so's.

Jim McDonough
Samba Team
SUSE labs
jmcd at samba dot org
jmcd at themcdonoughs dot org

More information about the samba mailing list