[Samba] mount share using kerberos ticket fails

Yvan Masson yvan at masson-informatique.fr
Tue Mar 10 10:10:19 UTC 2020

Le 10/03/2020 à 10:37, Rowland penny via samba a écrit :
> On 10/03/2020 09:18, Yvan Masson via samba wrote:
>> If think I did not properly explain my setup, sorry for that: Samba 
>> here is not sharing anything. It is just used for joining a Windows 
>> domain, so that users can sit on a chair in front of this Debian 
>> computer, use their domain credentials in LightDM, and then access 
>> theirs personal and shared data (that are shared by the Windows DC, 
>> mounted locally by pam_mount).
> Yes, telling us that would have helped.
I used the word "workstation" in my initial post, thinking it was 
>> So, my understanding is that my setup does not require creating an UPN 
>> and a corresponding keytab to put on this Linux client. I am probably 
>> not completely wrong as mounting a Windows share on the Debian 
>> computer using Kerberos now works :-).
> No, it should work without manually creating any UPN's, SPN's or keytabs
>> I permit myself this question again: in this setup, is it useful to 
>> have /etc/krb5.keytab or not?
> No, you do not need the keytab, you just need the correct setup that 
> uses the users kerberos ticket via PAM at login.
> Rowland
OK thanks. Any idea why mounting a share worked using one servers' 
hostname and not the other? They both resolve to the same IP.


More information about the samba mailing list