[Samba] Kerberos S4U token with SAMBA4

Norbert Hanke norbert.hanke at gmx.ch
Tue Jun 12 06:28:10 UTC 2018

Hi Taylor

That's not hard to explain:

The login to a local account is under the control of sshd, and if that 
has enough privileges it works.

The login to a domain account is a kerberos login which requires either 
Username and Password, or possibly PKINIT with a certificate. None of 
them can work with just a public key.


On 11.06.2018 15:56, Taylor Hammerling via samba wrote:
> does SAMBA4 support  Kerberos S4U tokens?
> Background:
> I am trying to get OpenSSH for windows to work on machines joined to our
> SAMBA4 domain
> We are running Samba 4.7.3-Debian on Debian 9
> When attempting to SSH in to a windows client using public key credentials
> for a domain user it fails.  When attempting to SSH into a windows client
> using public key credentials for a local user it works just fine
> I have been working with the OpenSSH team trying to figure out why this
> isn't working, see github issue below
> https://github.com/PowerShell/Win32-OpenSSH/issues/1177#issuecomment-394789906
> Thanks in advance for any assistance you can provide. :)
> Taylor

More information about the samba mailing list