[Samba] mount share using kerberos ticket fails

Rowland penny rpenny at samba.org
Mon Mar 9 15:43:45 UTC 2020

On 09/03/2020 15:18, Yvan Masson via samba wrote:
> Thanks for your help!
> Le 09/03/2020 à 15:39, L.P.H. van Belle via samba a écrit :
>> Did you "deleated the computer object" to allow kerberos services.
>> And did you add the CIFS/spn to the computer and keytab ?
> I am sorry, I don't really understand the above: mount requires a 
> keytab AND a user ticket?

No, what he is saying is that the computer object should have a UPN 
containing cifs/<the computers FQDN>@<UPPERCASE DOMAIN NAME

You also need the keytab.

> I tried your commands but could not get it working (note that I used 
> another AD administrator account, not "Administrator").
You need to add the UPN on the DC, then export the keytab, the copy it 
to the required machines.


More information about the samba mailing list