[Samba] kerberos ticket on login problem

Jason Keltz jas at eecs.yorku.ca
Tue Jul 28 19:59:19 UTC 2020

I'm experimenting with smb + winbind.

My host is joined to AD and I can login to my host fine using my AD 
credentials via SSH.   The only issue is that I don't get a Kerberos 
ticket generated.

In /etc/security/pam_winbind.conf I have:

krb5_auth = yes

krb5_ccache_type = KEYRING

In /etc/krb5.conf, I also have:

default_ccache_name = KEYRING:persistent:%{uid}

Using wbinfo -K jas, then entering my password,  I see:

plaintext kerberos password authentication for [jas] succeeded 
(requesting cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_1004

[It writes the keyring to a file even though I've specified KEYRING.  I 
don't know if wbinfo automatically writes to FILE or whether it reads 
pam_winbind.conf and should be writing to KEYRING).

If I remove the file, and ssh to the system, I don't get a Kerberos ticket.

I know the pam_winbind.conf file is being read on login because the 
"require_membership_of" line I'm using works.

Any thoughts?


More information about the samba mailing list