[Samba] Samba4 Authentication

Fabian von Romberg fromberg100 at hotmail.com
Sun Feb 3 07:26:12 MST 2013

Hi Andrew,

thanks for your reply.  I suspected it was a DNS issue.  It seems there was a conflict with my kerberos.  Im running Samba 4.0.0 release. I installed separately Kerberos 5.

When I do a samba domain provision, the smb.conf is generated and one configuration under [global] is the following:

server services = rpc, nbt, wrepl, ldap, cldap, drepl, kdc, ntp_signd, kcc, dnsupdate, smb

As you can see there is "kdc".  So I suspected there was a conflict.  So I stopped the service of Kerberos5 I installed separately and restarted samba.  After this the loggin was very fast and by debugging I could see the authentication was done via kerberos.

Now Im having another problem.  If you can help me I would appreciate.

>From a XP machine and after a successful login, I want to access the following shared folder:

	path = /var/lib/samba/usershares
	read only = No

I see the folder "shared" on windows explorer, thats fine, but when I want to open it, Im asked again for username and password.  I put the same username and password I used for the login, but nothing happens I get asked again and again for username and password, it seems my xp machine does not connect to samba for user validation, I dont even see on the debug (level 3) from samba that the username and password is validated.  What could be the reason?

Any help or tip would be much appreciated.

Thanks and regards,

On 02/03/2013 07:46 AM, Andrew Bartlett wrote:
> On Sun, 2013-02-03 at 00:27 -0500, Fabian von Romberg wrote:
>> Hi,
>> when I logon from windows machine, the username is validated against samdb.  How can user be validated against Kerberos5 (principals)?
> Clients of a Samba 4.0 AD DC will use kerberos for the domain login when
> network configurations permit it (such as correct DNS).  This is
> validated by the KDC against the same database (samdb) that NTLM logins
> work against, to ensure consistent behaviour for the user. 
> Andrew Bartlett

More information about the samba mailing list