[Samba] kerberos ticket on login problem
Jason Keltz
jas at eecs.yorku.ca
Tue Jul 28 19:59:19 UTC 2020
I'm experimenting with smb + winbind.
My host is joined to AD and I can log in to my host fine using my AD
credentials via SSH. The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:

    krb5_auth = yes
    krb5_ccache_type = KEYRING

In /etc/krb5.conf, I also have:

    default_ccache_name = KEYRING:persistent:%{uid}

Using wbinfo -K jas, then entering my password, I see:

    plaintext kerberos password authentication for [jas] succeeded
    (requesting cctype: FILE)
    credentials were put in: FILE:/tmp/krb5cc_1004

(It writes the keyring to a file even though I've specified KEYRING. I
don't know if wbinfo automatically writes to FILE or whether it reads
pam_winbind.conf and should be writing to KEYRING.)
If I remove the file, and ssh to the system, I don't get a Kerberos ticket.
I know the pam_winbind.conf file is being read on login because the
"require_membership_of" line I'm using works.
Any thoughts?
Jason.