[Samba] Problem with "kerberos method = secrets and keytab"

Peter Serbe peter at serbe.ch
Wed Feb 11 17:04:59 MST 2015

Hi Andreas, 

I convinced Rowland to change the wiki like that. You might want to check 
out the thread "Samba4 and sssd, keytab file expires?". Read it, and You 
will understand its implications. Even if it works now, it doesn't mean 
that it will work for long...

The first thing I would check is the kerberos setup. I would also check, 
whether DNS is OK for both forward and backward directions. Then I would 
either check sssd or winbind (depending on Your installation). It might 
be worthwhile to do all the checks without the offending entry in smb.conf. 

Best regards

PS: it can be pretty frustrating to get it working for the first time. 
But then it is rock solid. It might be a good idea to jump to 4.2.0rc4 - 
nearly all known bugs are fixed... (some might disagree, I am sure...). 
Do You plan to use RFC2307?

Andreas Hauffe schrieb am 11.02.2015 16:39:

> Hi,
> I'm using the smb.conf from
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> to add a member server as file server to the domain.
> If I'm using the original smb.conf with "kerberos method = secrets and 
> keytab", I'm not able to see any share on a Windows Client in the domain. If I 
> use the default "kerberos method = secrets" everything works. 
> Does anyone have an idea why this happens? 
> And can someone tell me, why there is a "dedicated keytab file = 
> /etc/krb5.keytab" in the smb.conf. I read that the system keytab is used if 
> "kerberos method = secrets and keytab" was chosen?
> -- 
> Viele Grüße
> Andreas Hauffe
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list