[Samba] Samba authentication using non-AD Kerberos?
S P Arif Sahari Wibowo
arifsaha at yahoo.com
Thu Apr 20 13:25:14 UTC 2017
On 2017-04-16, 19:06, S P Arif Sahari Wibowo via samba wrote:
> I was looking into the Samba wiki pages and cannot find
> documentation for this. Generally most of the documentation pages
> are either discussing Samba as an AD member or standalone.

So I am still looking at this.

This is the current state: the Kerberos setup (krb5.conf and
keytab) is working on the server, and I can do kinit properly. But
the Samba settings are still not working. Here is what I have in
/etc/smb.conf:

[global]
    workgroup = MYREALM
    server string = UATest Samba Server Version %v
    netbios name = myserver
    log file = /var/log/samba/log.%m
    max log size = 50
    security = ads
    realm = MYREALM.CA
    password server = mykerberos.myrealm.ca
    kerberos method = system keytab
    log level = 3 passdb:5 auth:10
    load printers = no
    cups options = raw
    printing = bsd

[tmp]
    comment = Temporary Stuff
    path = /tmp
    public = yes
    writable = yes
    printable = no

When I try to connect locally:

# kinit mykerbuser
Password for mykerbuser at MYREALM.CA:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mykerbuser at MYREALM.CA

Valid starting     Expires            Service principal
20/04/17 07:24:13  21/04/17 08:24:10  krbtgt/MYREALM.CA at MYREALM.CA
# smbclient -k -U mykerbuser -L localhost
session setup failed: NT_STATUS_IO_TIMEOUT

If I do tcpdump on the Kerberos server, I see this output
repeated:

07:18:55.708609 mykerberos.myrealm.ca > 172.1.1.111: icmp: mykerberos.myrealm.ca udp port netbios-ns unreachable
07:18:56.709751 172.1.1.111.34265 > mykerberos.myrealm.ca.netbios-ns: udp 50 (DF)
--
____ ____ ____ ____ (stephan paul) Arif Sahari Wibowo
/___ /___/ /___/ /___ http://www.arifsaha.com/
____/ / / / ____/