[Samba] mount share using kerberos ticket fails

Rowland penny rpenny at samba.org
Tue Mar 10 09:37:10 UTC 2020

On 10/03/2020 09:18, Yvan Masson via samba wrote:
> If think I did not properly explain my setup, sorry for that: Samba 
> here is not sharing anything. It is just used for joining a Windows 
> domain, so that users can sit on a chair in front of this Debian 
> computer, use their domain credentials in LightDM, and then access 
> theirs personal and shared data (that are shared by the Windows DC, 
> mounted locally by pam_mount).
Yes, telling us that would have helped.
> So, my understanding is that my setup does not require creating an UPN 
> and a corresponding keytab to put on this Linux client. I am probably 
> not completely wrong as mounting a Windows share on the Debian 
> computer using Kerberos now works :-).
No, it should work without manually creating any UPN's, SPN's or keytabs
> I permit myself this question again: in this setup, is it useful to 
> have /etc/krb5.keytab or not?

No, you do not need the keytab, you just need the correct setup that 
uses the users kerberos ticket via PAM at login.


More information about the samba mailing list