[Samba] Authenticate via MIT Kerberos?

Dann Bohn djb44 at psu.edu
Fri Feb 22 09:14:38 MST 2013

I'm in the process of setting up a samba file server, and I'd like to 
set it up so users can authenticate with their Kerberos realm 
credentials. It seems that every article I read wants me to bind the 
thing to a domain, and authenticate that way. The only problem with that 
is user accounts aren't domain accounts, they are "shadow" Kerberos 
realm accounts (forgive me, I'm not a windows admin) when I bind samba 
to our AD, those shadow accounts don't work, but real domain accounts 
do. Users don't have real domain accounts.

I've obtained a service keytab, and modified the smb.conf following 
multiple articles online, and get 'could not look up dcs for domain 
"REALM"' and  (the value in my realm field). The realm isn't a real 
host. it's an MIT realm. My system is kerborized, and the values in 
krb5.conf work for system-auth.

Thanks in advance,

More information about the samba mailing list