[Samba] mount share using kerberos ticket fails
Rowland penny
rpenny at samba.org
Mon Mar 9 15:43:45 UTC 2020
On 09/03/2020 15:18, Yvan Masson via samba wrote:
> Thanks for your help!
>
> Le 09/03/2020 à 15:39, L.P.H. van Belle via samba a écrit :
>> Did you "deleated the computer object" to allow kerberos services.
>> And did you add the CIFS/spn to the computer and keytab ?
>>
> I am sorry, I don't really understand the above: mount requires a
> keytab AND a user ticket?
No, what he is saying is that the computer object should have a UPN
containing cifs/<the computers FQDN>@<UPPERCASE DOMAIN NAME
You also need the keytab.
>
> I tried your commands but could not get it working (note that I used
> another AD administrator account, not "Administrator").
You need to add the UPN on the DC, then export the keytab, the copy it
to the required machines.
Rowland
More information about the samba
mailing list