[Samba] Missing domain user tickets with winbind

Rowland penny rpenny at samba.org
Wed Apr 1 11:58:36 UTC 2020

On 01/04/2020 12:20, L.P.H. van Belle via samba wrote:
> For that to work, you need to add the CIFS/hostname.fqdn at REALM to the host your logging in.
> The COMPUTER$ should hold it.
> Allow the computer to delegate the cifs service.  ( or all )

Thing is, the OP is trying to use a users ticket to mount, but seems to 
be doing it as root, which isn't going to work, mainly because 'root' 
will use the root ticket /tmp/krb5cc_0. He needs to use the users 
ticket, typically /tmp/krb5cc_{user_id}

He is also setting a credentials file in his mount command, this should 
be removed. Also, are libnss-winbind, libpam-winbind and libpam-krb5 
installed ?

I would also point him to your repo: http://apt.van-belle.nl/

This would save him having to compile Samba himself.

Finally, I would suggest he installs libpam-mount, this will do all the 
heavy lifting for him.


>> =======================================================
>> Details of my setup:
>> I'm using an Ubuntu 19.10 server VM.
>> I'm mounting as the local root user, however, I'm using a domain user
>> credentials for mounting the using sec=krb5.
>> Below are my mount options:
>> vers=3.0,sec=krb5,credentials=/home/localadmin/.smb3credential
> s,serverino,noperm,nosharesock,mfsymlinks,uid=lxsmbadmin,gid='doma> in

More information about the samba mailing list