[Samba] Missing domain user tickets with winbind
Rowland penny
rpenny at samba.org
Wed Apr 1 11:58:36 UTC 2020
On 01/04/2020 12:20, L.P.H. van Belle via samba wrote:
> For that to work, you need to add the CIFS/hostname.fqdn at REALM to the host your logging in.
> The COMPUTER$ should hold it.
> Allow the computer to delegate the cifs service. ( or all )
Thing is, the OP is trying to use a users ticket to mount, but seems to
be doing it as root, which isn't going to work, mainly because 'root'
will use the root ticket /tmp/krb5cc_0. He needs to use the users
ticket, typically /tmp/krb5cc_{user_id}
He is also setting a credentials file in his mount command, this should
be removed. Also, are libnss-winbind, libpam-winbind and libpam-krb5
installed ?
I would also point him to your repo: http://apt.van-belle.nl/
This would save him having to compile Samba himself.
Finally, I would suggest he installs libpam-mount, this will do all the
heavy lifting for him.
Rowland
>
>
>>
>> =======================================================
>> Details of my setup:
>> I'm using an Ubuntu 19.10 server VM.
>> I'm mounting as the local root user, however, I'm using a domain user
>> credentials for mounting the using sec=krb5.
>> Below are my mount options:
>> vers=3.0,sec=krb5,credentials=/home/localadmin/.smb3credential
> s,serverino,noperm,nosharesock,mfsymlinks,uid=lxsmbadmin,gid='doma> in
More information about the samba
mailing list